Well I am not using web client but an #Amethyst, so CORS should not apply to me?
Discussion
Finally I did figure out the reason why verification fails - it is due to redirect from ivpn.net to www.ivpn.net
```
$ curl -I https:///ivpn.net/.well-known/nostr.json
HTTP/2 301
server: nginx
date: Mon, 30 Sep 2024 19:55:13 GMT
content-length: 0
location: https://www.ivpn.net/.well-known/nostr.json
x-varnish: 953443322
content-security-policy: default-src 'self' *.ivpn.net;img-src * data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ivpn.net *.braintreegateway.com *.braintree-api.com *.paypal.com *.paypalobjects.com *.cardinalcommerce.com;style-src 'self' 'unsafe-inline' *.ivpn.net;connect-src 'self' *.ivpn.net *.cardinalcommerce.com *.braintree-api.com *.braintreegateway.com *.paypal.com api.coingecko.com;frame-src 'self' *;
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
```