I noticed an unwanted redirect when using the Clean & Lock extension. When a Favicon is setup in the MainWP Dashboard, this file is automatically requested via /favicon.ico and WordPress then loads the image that is setup. But if Clean & Lock is used, the favicon.ico request is redirected to the 301 Redirect URL and can be blocked by CORS.
As a workaround I’ve added favicon.ico to the excluded slugs, but as this probably is happening on all sites, it should be a default exclusion.
I noticed some more urls today that are being blocked by the extension:
/wp-json/wp-site-health/v1/tests/
/wp-json/wp-site-health/v1/directory-sizes
You can see that when you go to the wp-admin/site-health.php page. The first is a partial url followed by various tests. The second you see on the Information tab.