Could it be possible to add the header “Access-Control-Allow-Origin: *” to the tiles that are served, like it is on the jsons.
In fact, some library (ie OpenLayers 3, but maybe other) need to check the “Cross-origin image” when it ask the tiles. But there request are directed by the Access-Control-Allow-Origin header from the web site, and fail to get it, so discard the pictures and print errors in JavaScript’s console.
So, would it be possible to kitten just these single header to the static images that you serves?