How can i validate if the CORS Header are set?
There are many Web Firewall Applicances and Reverse Proxies
curl -i 'https://your-domain/client/2.0/version' -X 'OPTIONS' -H 'access-control-request-method: OPTIONS' -H 'origin: https://example.com'
This command should answer
HTTP/2 200 access-control-allow-headers: simplifiertoken,content-type,simplifierapp access-control-allow-methods: GET,OPTIONS,PUT,POST access-control-max-age: 100 content-length: 0 date: Fri, 19 Mar 2021 12:40:43 GMT