Tests ran through Acunetix come up with a result of 'Insecure CORS configuration' due to the issue mentioned in this post:
I have worked with Control support, and they have confirmed that the POST is getting a 403/ forbidden error that is causing this issue. Contained in that link is an example of how the 403 error can be resolved to no longer show this vulnerability in Acunetix. Our auditors are unsatisfied with the results, so it would be great if we could get this resolved.
Customer support service by UserEcho