Proactive Bot Defense feature blocks CORS requests even for legitimate users. CORS requests are blocked because browsers typically do not include the required cookies when allowing cross-domain requests to prevent session riding attacks by attackers trying to access live sessions and sensitive data from other domains.
Therefore, if you enable Proactive Bot Defense and your web site uses CORS, you should add the CORS URLs to the proactive bot URL whitelist. Those URLs will not be defended from bots proactively, but they will not be blocked, and will still be protected by other enabled DoS detections and mitigations.
In your case it looks like your app is using a Live Chat app called "tawk.to" which needs to be whitelisted in Proactive Bot Defense URL whitelist.
Hope this helps,
Sam