It seems Tor Browser sometimes strips the Access-Control-Allow-Origin header. I ran into the issue when using Globe. When the header is stripped the browser console contains the warning ``` Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://onionoo.torproject.org/details?lookup=299F0933E93B6571ED1CB3D52090E6E13D62427C. (Reason: CORS header 'Access-Control-Allow-Origin' missing). ``` The reasons why i believe Tor Browser is the cause are 1. Onionoo explicitly sets the [header](https://gitweb.torproject.org/onionoo.git/tree/src/main/java/org/torproject/onionoo/server/ResourceServlet.java#n343). 2. Responses from direct requests to an [Onionoo resource](https://onionoo.torproject.org/summary?limit=4) using Tor Browser sometimes do not show the header in the Network Monitor. 3. Responses from direct requests to the same Onionoo resource using curl consistently contain the header.