MDN wants to learn about developers like you:

The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.

Header type Response header
Forbidden header name no


Access-Control-Allow-Methods: <method>, <method>, ...


Comma-delimited list of the allowed HTTP request methods.


Access-Control-Allow-Methods: POST, GET, OPTIONS


Specification Status Comment
The definition of 'Access-Control-Allow-Methods' in that specification.
Living Standard Initial definition

Browser compatibility

FeatureChromeFirefoxEdgeInternet ExplorerOperaSafari
Basic Support43.51210124
FeatureAndroidChrome for AndroidEdge mobileFirefox for AndroidIE mobileOpera AndroidiOS Safari
Basic Support2.1(Yes)(Yes)1.0(Yes)123.2

Compatibility notes

See also

Document Tags and Contributors

 Contributors to this page: fscholz, teoli
 Last updated by: fscholz,