This may be of use:
TechTip : When you need API Gateway Service to respond to both CORS and not CORS requests
There was very strict definition of what a "simple" request was, in our case adding a header was the cause.
So then IE (and other browsers) would do the CORS request, but requests from wget and curl would not.
Note from elsewhere:
It is not always clear if an OPTIONS request is going to be sent. But browsers can upgrade a normal GET request to one that makes an OPTIONS request before the GET/POST/PUSH request. It does this when the request does not fall into the "simple" category. Cross-origin resource sharing - Wikiwand
Since we had managed api's we could modify them on the gateway, as above link, to accept both CORS and non CORS requests.
There was Idea for better support too :
Better CORS support for API Portal when service pushed to API Gateway
Cheers - Mark