diff --git a/lib/server/inithandler.rb b/lib/server/inithandler.rb
index 4d82a233e..51b807a6e 100644
--- a/lib/server/inithandler.rb
+++ b/lib/server/inithandler.rb
@@ -24,6 +24,9 @@ module BeEF
     #
     def do_POST(request, response)
 
+      response.header['Access-Control-Allow-Origin'] = '*'
+      response.header['Access-Control-Allow-Methods'] = 'POST, GET'
+      response.header['Access-Control-Allow-Headers'] = 'Content-Type'
       response.body = ''
       
       # validate hook session value
@@ -96,6 +99,8 @@ module BeEF
 
     end
     
+    alias do_OPTIONS do_POST
+    
     # returns a selected parameter from the query string.
     def get_param(query, key)
       return nil if query[key].nil?
diff --git a/lib/server/zombiehandler.rb b/lib/server/zombiehandler.rb
index 8c7c10e8b..a3397e8c1 100644
--- a/lib/server/zombiehandler.rb
+++ b/lib/server/zombiehandler.rb
@@ -74,11 +74,13 @@ module BeEF
       response.header['Content-Type'] = 'text/javascript' 
       response.header['Access-Control-Allow-Origin'] = '*'
       response.header['Access-Control-Allow-Methods'] = 'POST, GET'
+      response.header['Access-Control-Allow-Headers'] = 'Content-Type'
       response.body = @body
       
     end
       
     alias do_POST do_GET
+    alias do_OPTIONS do_GET
     
     private