diff --git a/src/V1/V1Routes.php b/src/V1/V1Routes.php
index 51a0550..99da4cd 100644
--- a/src/V1/V1Routes.php
+++ b/src/V1/V1Routes.php
@@ -16,6 +16,7 @@ class V1Routes implements RouteHandler {
         $router->get('/', fn() => ['status' => 'operational']);
 
         $usersRoutes = new V1UsersRoutes($this->ctx, $this->ctx->getRpcClient()->scopeTo('misuzu:users:'));
+        $router->options('/me', $usersRoutes->getMe(...));
         $router->get('/me', $usersRoutes->getMe(...));
         $router->scopeTo('/users')->register($usersRoutes);
     }
diff --git a/src/V1/V1UsersRoutes.php b/src/V1/V1UsersRoutes.php
index c8b6b9e..1d83ad1 100644
--- a/src/V1/V1UsersRoutes.php
+++ b/src/V1/V1UsersRoutes.php
@@ -12,7 +12,11 @@ class V1UsersRoutes implements RouteHandler {
         private RpcClient $rpc
     ) {}
 
-    public function getMe() {
+    public function getMe($response) {
+        $response->setHeader('Access-Control-Allow-Origin', '*');
+        $response->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
+        $response->setHeader('Cache-Control', 'no-store');
+
         $authz = $this->ctx->getAuthzContext();
         if(!$authz->hasScope('identify'))
             return 403;