The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.

Header type Response header
Forbidden header name no

Syntax

Access-Control-Allow-Methods: <method>, <method>, ...

Directives

<method>
Comma-delimited list of the allowed HTTP request methods.

Examples

Access-Control-Allow-Methods: POST, GET, OPTIONS

Specifications

Specification Status Comment
Fetch
The definition of 'Access-Control-Allow-Methods' in that specification.
Living Standard Initial definition

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Basic supportChrome Full support 4Edge Full support 12Firefox Full support 3.5IE Full support 10Opera Full support 12Safari Full support 4WebView Android Full support 2Chrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 4Opera Android Full support 12Safari iOS Full support 3.2Samsung Internet Android Full support Yes

Legend

Full support  
Full support

Compatibility notes

See also

Document Tags and Contributors

Contributors to this page: fscholz, teoli
Last updated by: fscholz,