Can anyone send requests to my php endpoint

It’s not actually a CORS proxy that blocks it, it’s a browser validation system that is preventing it from working. It just so happens that these URLs do not have CORS headers set why is why you will see CORS errors with AJAX requests. But this system is intended to block non-browser clients, and will do exactly that if you try to connect to it from any other kind of application.