Access-Control-Request-Method Header

Table of Content

The Access-Control-Request-Method is an important HTTP header used in conjunction with the CORS (Cross-Origin Resource Sharing) mechanism. Essentially, it notifies the server about which method will be used in the actual request as part of the preflight process. This ensures that the server is capable and ready to handle the request, as well as prevent possible security issues or server faults due to unexpected methods.


Access-Control-Request-Method: <method>

Where <method> refers to an HTTP Method such as GET, POST, DELETE, etc.


The Access-Control-Request-Method header uses one directive:

  • <method>: This refers to the HTTP method that will be used in the actual CORS request.


In a preflight request, the Access-Control-Request-Method can be used as follows:

OPTIONS /resource.jpg HTTP/1.1
Access-Control-Request-Method: DELETE

This indicates that the actual request will be a DELETE request.

Browser Compatibility

Browser Compatibility
Chrome Supported
Firefox Supported
Safari Supported
Opera Supported
Edge Supported

How to modify Access-Control-Request-Method header

To modify the Access-Control-Request-Method header using the ModHeader Chrome extension, follow these steps:

  1. Install and open ModHeader extension.
  2. Select 'Request Headers' tab.
  3. Click on the 'Add' button to create a new header.
  4. In the 'Name' field, type 'Access-Control-Request-Method'.
  5. In the 'Value' field, input the method you intend to use in your actual request (like GET, POST, DELETE, etc.).
  6. Save your changes.

This way, you can modify the value of your Access-Control-Request-Method header anytime and test different scenarios during your local development or debugging stages. It's very useful to simulate CORS requests and see server responses.