How to deny a CORS request

Cross domain access is denied by default, while it is considered security risk. To deny access you need to remove configuration which allows cross domain calls.

Fresh install of web server do not allow CORS out of the box, at least for IIS, which I have used recently.

Check how to (un)configure different web servers to (deny)allow CORS: http://enable-cors.org/server.html