Help with Access-Control-Allow-Origin (CORS)

[Mouth]

My site is not loading font awesome from CDN ...

Font from origin 'https://cdn.netrider.net.au' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://netrider.net.au' is therefore not allowed access. The response had HTTP status code 403.

... but the http headers look OK ...

HTTP Status for: "https://netrider.net.au/"

• HTTP/1.1 200 OK
• Server: nginx
• Content-Type: text/html; charset=UTF-8
• Connection: close
• X-Frame-Options: SAMEORIGIN
• Strict-Transport-Security: max-age=15638400; preload
• Access-Control-Allow-Origin: *
• X-Frame-Options: SAMEORIGIN
• X-Content-Type-Options: nosniff
• Date: Sat, 19 Dec 2015 23:25:54 GMT
• X-Page-Speed: 1.9.32.4-7251
• Cache-Control: max-age=0, no-cache

... and ...

HTTP Status for: "https://cdn.netrider.net.au/"

• HTTP/1.1 200 OK
• Server: keycdn-engine
• Date: Sat, 19 Dec 2015 23:31:26 GMT
• Content-Type: text/html; charset=UTF-8
• Connection: close
• Vary: Accept-Encoding
• X-Frame-Options: SAMEORIGIN
• Strict-Transport-Security: max-age=15638400; preload
• X-Frame-Options: SAMEORIGIN
• X-Content-Type-Options: nosniff
• X-Page-Speed: 1.9.32.4-7251
• Cache-Control: max-age=604800
• Expires: Sat, 26 Dec 2015 23:31:26 GMT
• Link: <https://netrider.net.au/>; rel="canonical"
• X-Cache: MISS
• X-Edge-Location: defr
• Access-Control-Allow-Origin: *

Thus, both having "Access-Control-Allow-Origin: *" to allow font loading from external domains.

Would appreciate some pointer/assistance on what I've gotten wrong. Have been reading, but cannot figure out the issue.

 

[Mouth]

FYI, in case anyone gets the same issue.
I changed my CDN url (using KeyCDN's new LetsEncrypt functionality) and forgot to add a referrer allowance at the CDN for the change in URL.