When the rate limit is reached, the 429 response is sent without the access-control-allow-origin
header, thus preventing a browser application from reading the response and its status code.
Specifically, on the GET /company/{companyNumber} endpoint.
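
The client-side consequence of the behaviour reported above, as an added example that is not part of the original post: when the header is missing, `fetch()` rejects with a `TypeError` and no status, so a browser client has to treat that opaque failure as a possible rate limit and back off. The function names, option names and default delays are hypothetical.

```javascript
// Added example. classifyOutcome and fetchWithBackoff are hypothetical names.
// fetch() rejects with a TypeError when the browser blocks a response that
// lacks Access-Control-Allow-Origin, so a CORS-stripped 429 exposes no status.
function classifyOutcome(result) {
  if (result instanceof TypeError) {
    // Could be the blocked 429, or a genuine network failure: back off either way.
    return { kind: "opaque-failure", retry: true, waitMs: null };
  }
  if (result.status === 429) {
    // Retry-After is not a CORS-safelisted response header; get() returns null
    // unless the server also lists it in Access-Control-Expose-Headers.
    const seconds = Number(result.headers.get("Retry-After"));
    const waitMs = Number.isFinite(seconds) && seconds > 0 ? seconds * 1000 : null;
    return { kind: "rate-limited", retry: true, waitMs };
  }
  return { kind: result.ok ? "ok" : "http-error", retry: false, waitMs: null };
}

const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

async function fetchWithBackoff(url, opts = {}) {
  const { fetchFn = globalThis.fetch, sleep = defaultSleep, maxAttempts = 4, baseMs = 1000 } = opts;
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    let result;
    try {
      result = await fetchFn(url);
    } catch (err) {
      if (!(err instanceof TypeError)) throw err; // e.g. AbortError: not ours to retry
      result = err;
    }
    const outcome = classifyOutcome(result);
    if (!outcome.retry) return { outcome: outcome.kind, response: result, attempts: attempt + 1 };
    // Honour the server's hint when readable, otherwise exponential backoff.
    if (attempt + 1 < maxAttempts) await sleep(outcome.waitMs ?? baseMs * 2 ** attempt);
  }
  return { outcome: "gave-up", response: null, attempts: maxAttempts };
}
```

With the header present on the 429, the same wrapper takes the `rate-limited` branch and can distinguish throttling from an outage.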