diff --git a/package.json b/package.json
index 4b5d23e..566e98d 100644
--- a/package.json
+++ b/package.json
@@ -39,6 +39,7 @@
 "express": "^4.18.2",
 "fluent-ffmpeg": "^2.1.2",
 "fp-ts": "^2.13.1",
+ "helmet": "^7.1.0",
 "io-ts": "^2.2.20",
 "io-ts-types": "^0.5.19",
 "ioredis": "^5.2.5",
diff --git a/src/server/index.ts b/src/server/index.ts
index 1157f54..4ac8f55 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -1,5 +1,6 @@
 import express from 'express'
 import fs from 'fs'
+import helmet from 'helmet'
 import morgan from 'morgan'
 import { config } from '@/lib/config'
@@ -26,6 +27,7 @@ if (config.sentryDsn) {
 app.use(Sentry.Handlers.tracingHandler())
 }
+app.use(helmet({ crossOriginResourcePolicy: false }))
 app.use(
 morgan('dev', {
 ...(config.log.accessLog === 'stdout'
diff --git a/src/server/routes/animation.ts b/src/server/routes/animation.ts
index 07709d5..da82c66 100644
--- a/src/server/routes/animation.ts
+++ b/src/server/routes/animation.ts
@@ -83,7 +83,7 @@ router.head('/', async (req, res) => {
 'Content-Type': `video/${format}`,
 'Cache-Control': 'public, max-age=31536000, must-revalidate',
 'x-image-cache': cacheStatus.toUpperCase(),
- age: `${age}`,
+ 'x-image-age': `${age}`,
 })
 res.end()
 logger.info(`[${cacheStatus.toUpperCase()}] ${url}, format:${format}`)
diff --git a/src/server/routes/image.ts b/src/server/routes/image.ts
index c752232..7f51336 100644
--- a/src/server/routes/image.ts
+++ b/src/server/routes/image.ts
@@ -80,7 +80,9 @@ router.get('/', async (req, res) => {
 const { accept } = headers
 const acceptFormats = accept
- ?.split(',')
+ ?.replace('jpg', 'jpeg')
+ .toLowerCase()
+ .split(',')
 .map((e) => e.split(';'))
 .flat()
 .filter((e) => e.startsWith('image/'))
@@ -100,6 +102,8 @@ router.get('/', async (req, res) => {
 },
 )
 const contentType = imageHeaders['content-type']
+ ?.replace('jpg', 'jpeg')
+ .toLowerCase()
 if (!contentType || !supportedFormats.includes(contentType)) {
 return ['Unsupported format']
 }
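Review bot: In src/server/index.ts the new `helmet({ crossOriginResourcePolicy: false })` call turns the Cross-Origin-Resource-Policy header off with no comment saying why, so a later reader cannot tell a deliberate decision from a leftover workaround. If the intent is that other origins may embed the served images and videos, saying so explicitly is easier to audit: `app.use(helmet({ crossOriginResourcePolicy: { policy: 'cross-origin' } }))`, preceded by a comment such as `// media responses are meant to be embedded by other origins`. Helmet's remaining defaults, including its Content-Security-Policy header, now apply to every route registered after this line, so confirm they suit any non-media responses the server sends; the rest of the middleware chain is outside the hunk.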
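Review bot: In src/server/routes/animation.ts the HEAD handler stops sending the standard `Age` header and sends `x-image-age` instead, and nothing on the changed line records why; the same rename appears in the `@@ -124,7 +128,7 @@` hunk of src/server/routes/image.ts. `Age` feeds the freshness calculation of shared caches, so if the value was the stored object's age in seconds (it is computed outside the hunk), intermediaries will now count the one-year `max-age` from the moment they receive the response. A comment above the new line would capture the decision, for example `// custom header: the standard Age header is interpreted by HTTP caches`. Anything that read `age` from these responses, such as monitoring or a CDN rule, needs the new name; both handlers start and end outside their hunks.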
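Review bot: In the `@@ -80,7 +80,9 @@` hunk of src/server/routes/image.ts, `.replace('jpg', 'jpeg')` runs before `.toLowerCase()` and, with a string pattern, rewrites only the first occurrence, so `image/JPG` or a second `image/jpg` entry in the client-supplied Accept header still comes out as `image/jpg`; the match is also not anchored to the media type. Lower-casing first and replacing the whole token fixes both: `?.toLowerCase()` followed by `.replace(/\bimage\/jpg\b/g, 'image/jpeg')`. The `@@ -100,6 +102,8 @@` hunk applies the same two calls in the same order to the upstream `content-type` ahead of the `supportedFormats.includes` allow-list check, so an upstream `image/JPG` is still rejected as unsupported and the same reordering applies there. The `router.get` handler starts and ends outside both hunks.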
@@ -124,7 +128,7 @@ router.get('/', async (req, res) => {
 'Content-Type': targetFormat,
 'Cache-Control': 'public, max-age=31536000, must-revalidate',
 'x-image-cache': cacheStatus.toUpperCase(),
- age: `${age}`,
+ 'x-image-age': `${age}`,
 })
 logger.info(
 `[${cacheStatus.toUpperCase()}] ${params.url}, W:${
diff --git a/yarn.lock b/yarn.lock
index 2013463..6ed7533 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2491,6 +2491,13 @@ __metadata: languageName: node linkType: hard +"helmet@npm:^7.1.0": + version: 7.1.0 + resolution: "helmet@npm:7.1.0" + checksum: 8c3370d07487be11ac918577c68952e05d779a1a2c037023c1ba763034c381a025899bc52f8acfab5209304a1dc618a3764dbfd26386a0d1173befe4fb932e84 + languageName: node + linkType: hard + "http-cache-semantics@npm:3.8.1": version: 3.8.1 resolution: "http-cache-semantics@npm:3.8.1"
@@ -2612,6 +2619,7 @@ __metadata: express: "npm:^4.18.2" fluent-ffmpeg: "npm:^2.1.2" fp-ts: "npm:^2.13.1" + helmet: "npm:^7.1.0" io-ts: "npm:^2.2.20" io-ts-types: "npm:^0.5.19" ioredis: "npm:^5.2.5"