Chrome Version       : 61.0.3163.100
OS Version: OS X 10.12.6
URLs (if applicable) :
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5:
  Firefox 4.x:
     IE 7/8/9:

What steps will reproduce the problem?
1. Visit ft.com
2. Open Devtools > Application and check "Bypass for network"
3. Refresh the page.

What is the expected result?
No CORS issues.

What happens instead of that?
CORS errors. Looks like the "Origin" header is stripped from the request.

Please provide any additional information below. Attach a screenshot if
possible.

We check the request origin header at VCL level and if set and is anything on ft.com, we pass the "Access-Control-Allow-Origin" response header to match the origin. Because the request origin header doesn't exist, the response header is never set and CORS error is logged.

UserAgentString: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36