Use this little website to test if a URL is setup correctly to work with CORS.
Shareable link: https://cors-test.codehappy.dev/?method=get&origin=https%3A%2F%2Fapp.commercebird.com%2F&url=https%3A%2F%2Fnicobolt.com%2F
It does not have the access-control-allow-origin header set to *. Without this header, requests from other domains cannot be made to it via a users browser.
If you have access to the server for the URL, you'll need to modify it to add the access-control-allow-origin header. If you do not have access, you'll need to upload the file somewhere else.
These are the response headers received when making the request.
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 9e5fc0557b89fad4-CMH
content-type: text/html; charset=UTF-8
date: Thu, 02 Apr 2026 12:14:05 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TsyKzANMXqwPD0uCKr09583uaPkaSTmcauf3QKuDh1Q4DT2%2BYRb6%2Fhcwl8X5vpEIi0JPnMGSUAZi4syIe0sN3eRzyHigyk8IKjr%2F%2FYypJDX0jEi0K%2FYjCOzV81INxA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfRequestDuration;dur=6.999969
transfer-encoding: chunked
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
CORS tester was built by @mscccc. The code is available on GitHub. Sponsored by HTML/CSS to Image.