Server is blocking sending tickets

I want to add a ticket form on my website (I am using Magento 1.9). The ticket form is from Zoho.
I have added the code:

<script type="text/javascript" nonce="{place_your_nonce_value_here}" src="https://desk.zoho.com/portal/api/web/inapp/954830000000277001?orgId=849940443" defer></script>

When I click on the submit button, I get this error in console:
Access to XMLHttpRequest at ‘https://desk.zoho.com/portal/api/composetickets?portalId=edbsn4819b1fde9b48121f03c6ad521ec66e49dfee18db46bc47f9d1c82ca0276b4a1’ from origin ‘https://maxigel.ro’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
efc.15dfad6c7f6c6e7e258b_.js:1

POST https://desk.zoho.com/portal/api/composetickets?portalId=edbsn4819b1fde9b48121f03c6ad521ec66e49dfee18db46bc47f9d1c82ca0276b4a1 net::ERR_FAILED

I assume there is a server configuration that blocks sending the tickets.
Here are the headers from .conf file:

		Header always set Feature-Policy "autoplay 'none'"
		Header set Connection keep-alive
		Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
		Header always set Referrer-Policy "same-origin"
		Header set X-XSS-Protection "1; mode=block"
		Header set X-Content-Type-Options "nosniff"
		Header set Access-Control-Allow-Origin "*"
		Header always set X-Frame-Options "SAMEORIGIN"
		Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
		Header always set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"
		Header always set Content-Security-Policy "object-src 'none'; upgrade-insecure-requests;"

I don’t get it what is the problem and how to fix this.