Access-control-allow-origin missing in Under Attack Mode


I want to access from
When not in Under Attack Mode, it worked fine.
But after enabling Under Attack Mode, the “access-control-allow-origin:” was not returned from Cloudflare.
I wonder why and how to sole this issue.

Request URL:
Request Headers:

When I request from website directly, it does return the correct header.

$ curl --resolve -svo /dev/null --header “Origin:

GET /pool/stats HTTP/1.1
User-Agent: curl/7.47.0
Accept: /

This topic was automatically closed after 14 days. New replies are no longer allowed.