Cross-Origin Error

Our website is hosted at Webflow, and we have A record with the domain www.beyondfuture.de pointing to the Webflow site.
Now we need “external” files a “.gbl” 3D model and a related “.hdr” file. So we created on our other domain provider a subdomain cdn.beyondfuture.de
And in an embedded block on Webflow we included these sources.

But we still get Code: 200 Access-Control-Allow-Origin missing errors.
Why does the resources located on a subdomain not solve the issue? Is it because we do not host the Webflow on the same server and only point to it with a A-record?
And we only get the error in the console on the gbl and hdr file.

<model-viewer bounds="tight" src="https://cdn.beyondfuture.de/modelviewer/model/virtualworld/minimal_HTML_v12.glb" ar ar-modes="webxr scene-viewer quick-look" camera-controls environment-image="https://cdn.beyondfuture.de/modelviewer/spruit_sunrise_1k_HDR.hdr" poster="https://cdn.beyondfuture.de/modelviewer/model/virtualworld/poster.png" shadow-intensity="1" autoplay>

Is there any other workaround? Can one set the header policies in Webflow?
Because we want to keep the editability from the CMS and therefor don’t want to export the Webflow-Site to our own webspaces.

Nope, but you should be able to where the resource is hosted.