@Ankesh-Anand setting ACAO to "*" is pretty dangerous, so we don't allow that to be set in the ACP (we ignore the setting if it's set to the wildcard). Nginx should be able to override that, but I don't think you need to.
Which domain is your site? DOMAIN or DOMAIN2? The ACAO header needs to be set on DOMAIN, not DOMAIN2.