Domino Apps might become integrated into more complex, multi-site web applications. For this exists CORS - Cross Origin Resource Sharing.
If CORS is enabled in a web app, a browser might send "preflight" requests to Domino to verify if a certain HTTP method would be allowed (or not). This OPTIONS request seems still not supported in Domino.
The requests come from the browser, not from an app developer.