I\'m testing that the production web app has only allowed CORS HTTP headers. In my tests, the sent illegal CORS headers bypass the browser validations since the request goes
