Access-Control-Allow-Methods

CORS: lists HTTP methods allowed for cross-origin requests. Sent in response to preflight OPTIONS.

Response

Syntax

Access-Control-Allow-Methods: <method>[, <method>]*

Example values

ValueExplanation
GET, POST, PUT, DELETEREST API methods
GET, OPTIONSRead-only

cURL usage

curl -X OPTIONS -H 'Origin: https://app.com' https://api.example.com/users

Common mistakes

Not including OPTIONS; omitting methods the API supports.

Related headers

Access-Control-Allow-Origin

Tools

HTTP Header Viewer →