When I open www.example.com in the browser and look at the trace of requests in the devtools I see that this website made a request to ux.example.com, but the original website domain is www.example.com.
So I copied this request as fetch from the networks tab and pasted it in the console. It gave me the CORS error
Access to fetch at 'https://ux.example.com/' from origin 'https://www.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I really don't understand how it's possible, could you please explain it?
So I've figured out what was happening. Basically this website has an iframe to the other site and so this request was made by the iframe and I could not replicate it.