No "Access-Control-Allow-Origin" in Matomo.js header

We use Matomo Cloud.

A client is setting up our Matomo javascript tag on their website - they utilise CSP so we have followed the instructions here

We need to enable cross domain tracking (CORS) so we have also followed the instructions here

However when I check the header of matomo.js there is no “Access-Control-Allow-Origin” flag set in the header?

Can anyone advise?

Thanks in advance

Don’t you have a proxy that could rewrite the HTTP headers?