Actually I did that incorrectly because I don't think you can add multiple origins in that way.
It does work on your quiz site with the above because it only uses the last origin.

For a single site, this will likely work:

<IfModule mod_headers.c>   
    Header set Access-Control-Allow-Origin "https://www.quizland.co.uk"   
    Header set Vary "Origin"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

---

For multiple sites, you'll need to use regex ( add sites with ... |example.com ):

<IfModule mod_headers.c>
SetEnvIf Origin "http(s)?://(www\.)?(davejohnson.co.uk|quizland.co.uk)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header merge Vary Origin
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

This is working for me with the following put into the .htaccess file:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "https://www.davejohnson.co.uk"
    Header set Access-Control-Allow-Origin "https://davejohnson.co.uk"
    Header set Access-Control-Allow-Origin "https://quizland.co.uk"
    Header set Access-Control-Allow-Origin "https://www.quizland.co.uk"   
    Header set Vary "Origin"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

Which site are you putting the .htaccess file onto?
It should be on the site hosting the files and allow the other site to access it.

To add to this, here's a look at the difference between DNS and VPN's:

https://tailscale.com/learn/difference-between-vpn-and-encrypted-dns

Plus you can combine both. Here's a look at the pros and cons:

https://www.tomsguide.com/computing/vpns/pros-and-cons-of-using-your-own-dns-with-a-vpn

And some more info. What is a DNS leak and how to prevent it:

https://www.tomsguide.com/features/what-is-a-dns-leak-and-how-to-prevent-it

While surfing around I also found this one whi might even be better than CloudFlare's according to the reviews I've seen:

https://dns.surfsharkdns.com/

The free app that makes your Internet safer.

https://one.one.one.one

Ok, I've been a busy boy lately.  Today I've found out that the following link below seems to be the best bet and you can use it without disabling or uninstalling your original CSF version. Just install updates on top of the orig   :

https://github.com/Aetherinox/csf-firewall

Their discussion channel on Discord is the best place to go for answers, if needed:

https://github.com/Aetherinox/csf-firewall/discussions/31

They also have a status page for their server:

https://status.configserver.dev/status/services

That's what we do:

https://www.jpr62.com/theme/index.php

tbh i have been working on a few themes on a local server so will be getting peoples opinions and to bug test them mostly

So, what kinds of stuff are you testing?

https://boredskull.net/index.php

I needed some hosting for testing stuff, so i thought id create a forum to play with and incase anyone wanted to join, its general chat, no real rules except keep it legal (staff discretion if its allowed) still working on it