First of all, it might be useful to note two things about the Access-Control-Allow-Origin header:
- It’s a server header. Having your client code send it to the server doesn’t do anything.
- Our servers block all CORS, meaning the request will be rejected before it hits your PHP code.
The origin error message suggests the origin domain is localhost, not niknote.rf.gd. Does this code work when you upload it to your website instead of only opening it on your own computer?