OPTIONS is a diagnostic method which is mainly used for debugging purpose. This HTTP method basically reports which HTTP Methods that are allowed on the web server. In reality, this is rarely used for legitimate purposes, but it does grant a potential attacker a little bit of help and it can be considered a shortcut to find another hole.
OPTIONS method should be disabled.
Methods to disable OPTION method may vary depending upon the type, version of the web server.
IIS (For new versions)