Allow

In This Article

Syntax
Directives
Examples
Specifications
See also

The Allow header lists the set of methods support by a resource.

This header must be sent if the server responds with a 405 Method Not Allowed status code to indicate which request methods can be used. An empty Allow header indicates that the resource allows no request methods, which might occur temporarily for a given resource, for example.

Header type	Entity header
Forbidden header name	no

Syntax

Allow: <http-methods>

Directives

<http-methods>: The list of allowed HTTP request methods.

Examples

Allow: GET, POST, HEAD

Specifications

Specification	Title
RFC 7231, section 7.4.1: Allow	Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

Document Tags and Contributors

Tags:

Entity header
header
HTTP
HTTP Header
Reference

Contributors to this page: fscholz

Last updated by: fscholz, Feb 24, 2017, 4:53:17 AM

See also

HTTP
Guides:
Resources and URIs
1. Identifying resources on the Web
2. Data URIs
3. Introduction to MIME Types
4. Complete list of MIME Types
5. Choosing between www and non-www URLs
Basics of HTTP
1. Overview of HTTP
2. Evolution of HTTP
3. HTTP Messages
4. A typical HTTP session
5. Connection management in HTTP/1.x
HTTP security
1. Content Security Policy (CSP)
2. HTTP Public Key Pinning (HPKP)
3. HTTP Strict Transport Security (HSTS)
4. Cookie security
5. X-Content-Type-Options
6. X-Frame-Options
7. X-XSS-Protection
8. Mozilla web security guidelines
9. Mozilla Observatory
HTTP access control (CORS)
HTTP authentication
HTTP caching
HTTP compression
HTTP conditional requests
HTTP content negotiation
HTTP cookies
HTTP range requests
HTTP redirects
HTTP specifications
References:
HTTP headers
1. Accept
2. Accept-Charset
3. Accept-Encoding
4. Accept-Language
5. Accept-Ranges
6. Access-Control-Allow-Credentials
7. Access-Control-Allow-Headers
8. Access-Control-Allow-Methods
9. Access-Control-Allow-Origin
10. Access-Control-Expose-Headers
11. Access-Control-Max-Age
12. Access-Control-Request-Headers
13. Access-Control-Request-Method
14. Age
15. Allow
16. Authorization
17. Cache-Control
18. Connection
19. Content-Disposition
20. Content-Encoding
21. Content-Language
22. Content-Length
23. Content-Location
24. Content-Range
25. Content-Security-Policy
26. Content-Security-Policy-Report-Only
27. Content-Type
28. Cookie
29. Cookie2
30. DNT
31. Date
32. ETag
33. Expect
34. Expires
35. Forwarded
36. From
37. Host
38. If-Match
39. If-Modified-Since
40. If-None-Match
41. If-Range
42. If-Unmodified-Since
43. Keep-Alive
44. Large-Allocation
45. Last-Modified
46. Location
47. Origin
48. Pragma
49. Proxy-Authenticate
50. Proxy-Authorization
51. Public-Key-Pins
52. Public-Key-Pins-Report-Only
53. Range
54. Referer
55. Referrer-Policy
56. Retry-After
57. Server
58. Set-Cookie
59. Set-Cookie2
60. Strict-Transport-Security
61. TE
62. Tk
63. Trailer
64. Transfer-Encoding
65. Upgrade-Insecure-Requests
66. User-Agent
67. Vary
68. Via
69. WWW-Authenticate
70. Warning
71. X-Content-Type-Options
72. X-DNS-Prefetch-Control
73. X-Forwarded-For
74. X-Forwarded-Host
75. X-Forwarded-Proto
76. X-Frame-Options
77. X-XSS-Protection
HTTP request methods
1. CONNECT
2. DELETE
3. GET
4. HEAD
5. OPTIONS
6. PATCH
7. POST
8. PUT
HTTP response status codes
1. 100 Continue
2. 101 Switching Protocol
3. 200 OK
4. 201 Created
5. 202 Accepted
6. 203 Non-Authoritative Information
7. 204 No Content
8. 205 Reset Content
9. 206 Partial Content
10. 300 Multiple Choices
11. 301 Moved Permanently
12. 302 Found
13. 303 See Other
14. 304 Not Modified
15. 307 Temporary Redirect
16. 308 Permanent Redirect
17. 400 Bad Request
18. 401 Unauthorized
19. 403 Forbidden
20. 404 Not Found
21. 405 Method Not Allowed
22. 406 Not Acceptable
23. 407 Proxy Authentication Required
24. 408 Request Timeout
25. 409 Conflict
26. 410 Gone
27. 411 Length Required
28. 412 Precondition Failed
29. 413 Payload Too Large
30. 414 URI Too Long
31. 415 Unsupported Media Type
32. 416 Range Not Satisfiable
33. 417 Expectation Failed
34. 426 Upgrade Required
35. 428 Precondition Required
36. 429 Too Many Requests
37. 431 Request Header Fields Too Large
38. 451 Unavailable For Legal Reasons
39. 500 Internal Server Error
40. 501 Not Implemented
41. 502 Bad Gateway
42. 503 Service Unavailable
43. 504 Gateway Timeout
44. 505 HTTP Version Not Supported
45. 511 Network Authentication Required
CSP directives
1. CSP: base-uri
2. CSP: block-all-mixed-content
3. CSP: child-src
4. CSP: connect-src
5. CSP: default-src
6. CSP: font-src
7. CSP: form-action
8. CSP: frame-ancestors
9. CSP: frame-src
10. CSP: img-src
11. CSP: manifest-src
12. CSP: media-src
13. CSP: object-src
14. CSP: plugin-types
15. CSP: referrer
16. CSP: report-uri
17. CSP: require-sri-for
18. CSP: sandbox
19. CSP: script-src
20. CSP: style-src
21. CSP: upgrade-insecure-requests
22. CSP: worker-src