After updating our error tracking software, the latest version introduced a new header which was included in requests to our server. This header was being rejected by our CORS Allowed Headers Policy for requests from the website, thereby rejecting the requests.
This issue was isolated to a small group of users using the Pay & Connect website.
The configuration has since been updated to resolve the issue.