Cross domain Ajax requests

From home, cross domain Ajax requests are not allowed for safety reasons, because as foreign malicious code when the client can be downloaded and executed.

Anyway to send a successful AJAX request to a different domain or subdomain or even from HTTP to HTTPS, do you need the access-control-allow-origin.

You must use not jsonp, How many propose, but can use regular json (the AJAX request is sent from

        url: "",
        type: 'GET',
        crossDomain: true,
        dataType: 'json',
        success: function(data) {
            console.log( data );
            $( ".result" ).html( data );
        error: function( data) {
            console.log("error ajax");
            console.log( data );
<div class='result'></div>

Only the following code must be included on the own page, to bypass the access-control-allow-origin:

header('Content-Type: application/json');

echo json:encode("it works");