Access to XMLHttpRequest at 'https://tools.wmflabs.org/intuition/api.php?…' from origin 'https://test.wikipedia.org' has been blocked by CORS policy: Request header field x-wikimedia-debug is not allowed by Access-Control-Allow-Headers in preflight response.
Things are fine without debug mode, but this should probably be whitelisted somewhere. I think on the Toolforge/proxy side, but not entirely sure.
See also: T211511: Fetching ORES API from en.wikipedia.org blocked in debug mode