Request header field Secret is not allowed by Access-Control-Allow-Headers in preflight response - ASP.NET WEB API

Question

I am getting this error -

Request header field Secret is not allowed by Access-Control-Allow-Headers in preflight response.

On my web api in asp.net MVC.

I have enabled cors and added the headers through web.config.

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Request-Headers" value="Key,Secret"/>
    <add name="Access-Control-Allow-Origin" value="*" />
  </customHeaders>
</httpProtocol>

Now when I am trying to call this API (cross domain) in jQuery then i get error.

My jQuery Code is:

 var url = "http://www.demo.yogihosting.com/mvc/api/API/1"
        $.ajax({
            url: url,
            headers: {
                Key: "Key1",
                Secret: "Secret1"
            },
            dataType: 'json',
            success: function (result, status, xhr) {
                alert(result)
            },
            error: function (xhr, status, error) {
                alert(error)
            }
        });

The API URL IS Click HERE

The API needs header - 'key' & 'secret' too. Key value should be 'Key1' Secret value should be 'Secret1'

The API is not working on cross domain request. But on same domain request it is working.

Below is the image from Chrome Network tab containing Request and Response data:

Please help me to find out what is wrong here?