Cloudflare supports CORS and operates in the following way:
- The Cloudflare CDN identifies cache items based on the Host Header + Origin Header + Path and Query, which supports different objects using the same host header, but different origin headers
- Cloudflare passes Access-Control-Allow-Origin header through unaltered from the origin server to the browser
If you have having trouble seeing the CORS headers that you have added to your web server, you should read Why can't I see my CORS headers?