When responding to an OPTIONS request Hydrus should include a Access-Control-Max-Age header to allow browsers to cache the Access-Control-Allow-Methods and Access-Control-Allow-Headers info instead of having to redo the preflight check for each request. More info here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age

I think a reasonable value would be 24 hours which is 86400 seconds.