Trying connection with PagSeguro API and i have cors Problem

I’m trying conect my website with PagSeguro API. In Insomnia the request works, but in my website, the cors is the problem.

Problem:
x

Access to XMLHttpRequest at 'https://sandbox.api.pagseguro.com/charges' from origin 'https://mobile-andre-luis.web.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

buyCartela.js:107 POST https://sandbox.api.pagseguro.com/charges net::ERR_FAILED

Code Section:

const request = new XMLHttpRequest();
const body = {
        "reference_id": ``,
        "description": ``,
        "amount": {
            "value": 200,
            "currency": "BRL"
        },
        "payment_method": {
            "type": "CREDIT_CARD",
            "installments": 1,
            "capture": true,
            "soft_descriptor": "Cartela do Bode da Sorte",
            "card": {
                "number": ``,
                "exp_month": ``,
                "exp_year": ``,
                "security_code": ``,
                "holder": {
                    "name": ``
                }
            }
        },
        "notification_urls": [
            "http://127.0.0.1:5500/form/buyVerify.html"
        ],
        "metadata": {
            "idVendedor": "Papai Noel",
            "idCartela": ``,
            "nameComprador": ``,
            "phoneComprador": ``,

        }
    };


    const url = `https://sandbox.api.pagseguro.com/charges`;
    request.open("POST", url, true);
    request.setRequestHeader("Access-Control-Allow-Origin","*");
    request.setRequestHeader("Content-type","application/json");
    request.setRequestHeader("Authorization","x");
    request.setRequestHeader("x-api-version","4.0");
    request.send(body);

    console.log(request.response)