diff --git a/infra/nginx/nginx.prod.conf b/infra/nginx/nginx.prod.conf
index a02e10a..6c05a26 100644
--- a/infra/nginx/nginx.prod.conf
+++ b/infra/nginx/nginx.prod.conf
@@ -302,6 +302,8 @@ http {
         # API clients expect JSON — an HTML response breaks their parsing.
         # -------------------------------------------------------------------
         location @rate_limit_error {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
             default_type application/json;
             return 429 '{"status":429,"error":"Too Many Requests","message":"Rate limit exceeded. Please try again later."}';
         }