Our Trips endpoint uses the POST method and allows the following headers:
access-control-allow-headers: x-sherpa-deviceId,DNT,User-Agent,X-User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,sfdc_stack_depth
A CORS error will be visible in the console and network tabs if any custom headers are added to the request. It is recommended to remove any custom headers.