Add initial support for 'Cross-Origin-Options' HTTP response header