Return header "X-Content-Type-Options: nosniff" also for OPTIONS requests
Content type "application/json; charset=utf-8" instead of "application/json" in response headers
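
A way to check both items against a running service, as an added example that is not code from this project. It assumes the two lines describe the intended behaviour; the handler, its `/` path and the `audit` and `run_demo` helpers are hypothetical and run against a throwaway local server.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

JSON_TYPE = "application/json; charset=utf-8"  # value assumed wanted on JSON bodies

class ApiHandler(BaseHTTPRequestHandler):
    """Hypothetical JSON endpoint: every method shares one header path, OPTIONS included."""
    def _send(self, status, body=b""):
        self.send_response(status)
        self.send_header("X-Content-Type-Options", "nosniff")
        if body:
            self.send_header("Content-Type", JSON_TYPE)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._send(200, b'{"status": "ok"}')

    def do_OPTIONS(self):
        self._send(204)

    def log_message(self, *args):
        pass  # keep the demo quiet

def audit(host, port, path="/"):
    """Send OPTIONS and GET to one path and return a list of header findings."""
    findings = []
    for method in ("OPTIONS", "GET"):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()
        conn.close()
        if (resp.getheader("X-Content-Type-Options") or "").lower() != "nosniff":
            findings.append(f"{method}: nosniff missing")
        if method == "GET" and resp.getheader("Content-Type") != JSON_TYPE:
            findings.append(f"{method}: Content-Type is {resp.getheader('Content-Type')!r}")
    return findings

def run_demo(handler=ApiHandler):
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()
```

`run_demo()` returns an empty list for the handler above; pointing `audit` at a real host and port reports any method that still lacks either header.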