CA AXA using https via Nginx shows no app session data

Document ID : KB000120920
Last Modified Date : 21/11/2018
Show Technical Document Details
After reconfiguring CA AXA to use https instead of http via Nginx can no longer see any app session data.
AXA 17.3.1 on premise
In Browser Developer mode (F12) "BA.js" and "profile?agent=browser" execute correctly with status 200. 
However after that there is no profile load for "browserMetrics" and no app session data  is visible in AXA UI. 
In the Console tab this message is visible:
BA.js:317 Access to XMLHttpRequest at 'https://axa_hostname:8443/api/1/urn:ca:tenantId:.../urn:ca:appId:.../profile?agent=browser' from origin 'http://appserver_hostname' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://appserver_hostname, *', but only one is allowed.
These 13 lines had been uncommented in the default nginx.conf file which enables Cross-Origin Resource Sharing (CORS):
location ~* (bajs|extjs|profile|(b|B)rowserMetrics|mobileMetrics) { 

# if ($request_method = 'GET') { 
# add_header 'Access-Control-Allow-Origin' '*'; 
# } 
# if ($request_method = 'OPTIONS') { 
# add_header 'Access-Control-Allow-Origin' '*'; 
# add_header 'Access-Control-Allow-Credentials' 'true'; 
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 
# add_header 'Access-Control-Allow-Headers' 'Content-Type'; 
# return 200; 
# } 
# if ($request_method = 'POST') { 
# add_header 'Access-Control-Allow-Origin' '*'; 
# } 

proxy_pass http://dxc$request_uri; 

The application is not configured for CORS so there is some conflict. 
To resolve the problem the lines were commented back to their default settings.