Allow Header
Table of Content
- Syntax
- Directives
- Examples
- Browser Compatibility
- How to modify Allow header The Allow Header is an HTTP header that indicates the request methods that are permitted on a web resource. It is used to alert clients the methods they are allowed to perform on the requested content. For example: GET, POST, DELETE, etc. It is typically sent in response to a request which uses the OPTIONS method, but can also be included in other responses like 405 (Method not allowed).
Syntax
Allow: <method>, <method>, ...Directives
The Allow header can accommodate one or more method directives, separated by a comma. For instance:
Allow: OPTIONS, GET, HEADExamples
Here are some examples of how the Allow header may appear in use:
Response to an OPTIONS request:
HTTP/1.1 200 OK
Allow: OPTIONS, GET, HEADResponse to a GET request on a resource that only allows HEAD:
HTTP/1.1 405 Method Not Allowed
Allow: HEADBrowser Compatibility
| Browser | Compatibility |
|---|---|
| Chrome | Supported |
| Firefox | Supported |
| Safari | Supported |
| Opera | Supported |
| Edge | Supported |
How to modify Allow header
ModHeader is a Chromium based extension designed for modifying request and response headers. With ModHeader, you can modify the Allow header to check a server's reaction to different set of methods. To achieve this, add a new header in the ModHeader extension interface; set the header name as 'Allow' and enter the allowed methods you wish to test as the value. Confirm that the correct profile is selected and you're good to go. Remember to remove or disable headers after running your test to avoid unexpected results in your regular internet surfing.