Allow

Description

The Allow response header is used by a server to communicate which HTTP methods are supported by the requested resource. This header is typically sent in response to an OPTIONS request or when a client attempts to use an HTTP method that is not allowed for the resource, resulting in a 405 Method Not Allowed status code.

The Allow header helps clients understand what actions they can perform on a resource, providing a clear indication of the supported HTTP operations. This information is particularly valuable in REST APIs and other web services where different resources might support different sets of operations.

Syntax

The syntax of the Allow header follows this structure:

Allow: <method>[, <method>]*
  • <method>:
    An HTTP method supported by the resource (e.g., GET, POST, PUT, DELETE).
  • Multiple methods can be specified, separated by commas.

Example Syntax

Allow: GET, POST, HEAD

This example indicates that the resource supports the GET, POST, and HEAD methods.

Examples

Basic Example

A response to an OPTIONS request:

OPTIONS /api/articles HTTP/1.1
Host: example.com

HTTP/1.1 200 OK
Date: Mon, 02 Jun 2025 12:00:00 GMT
Allow: GET, POST, HEAD
Content-Length: 0

This response indicates that the /api/articles resource supports the GET, POST, and HEAD methods.

Method Not Allowed Example

A response when an unsupported method is attempted:

DELETE /api/articles HTTP/1.1
Host: example.com

HTTP/1.1 405 Method Not Allowed
Date: Mon, 02 Jun 2025 12:05:30 GMT
Allow: GET, POST, HEAD
Content-Type: text/plain
Content-Length: 29

Method DELETE is not allowed.

In this example, the client attempted to use the DELETE method on a resource that only supports GET, POST, and HEAD, resulting in a 405 error with an Allow header indicating the supported methods.

Resource with Read, Update, and Delete Operations

A response for an individual resource that supports the read, update, and delete operations of CRUD:

OPTIONS /api/users/123 HTTP/1.1
Host: example.com

HTTP/1.1 200 OK
Date: Mon, 02 Jun 2025 12:10:45 GMT
Allow: GET, PUT, DELETE, HEAD
Content-Length: 0

This indicates that the specific user resource supports reading (GET), updating (PUT), and deleting (DELETE) operations.
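The Allow header only advertises methods; it does not enforce them, so it is worth checking that what a server advertises matches what the resource is meant to support. The following added example (not part of the original page) parses an Allow value and audits a request/response pair, including the RFC 9110 requirement that a 405 response carry an Allow header. The names `parse_allow`, `audit` and `POLICY` and the sample responses are constructed for illustration.

```python
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 9110 token syntax

def parse_allow(value):
    """Split an Allow field value into a set of method tokens (case-sensitive)."""
    methods = set()
    for item in value.split(","):
        item = item.strip()
        if not item:  # recipients tolerate empty list elements
            continue
        if not TOKEN.match(item):
            raise ValueError(f"invalid method token: {item!r}")
        methods.add(item)
    return methods

def audit(request_method, status, headers, expected):
    """Return findings for one request/response pair.

    headers:  dict of lower-cased response header names -> values.
    expected: methods the resource is supposed to support (hypothetical policy).
    """
    findings = []
    allow = headers.get("allow")
    if allow is None:
        if status == 405:
            findings.append("405 response is missing the Allow header")
        return findings
    advertised = parse_allow(allow)
    if status == 405 and request_method in advertised:
        findings.append(f"{request_method} was rejected with 405 but is listed in Allow")
    extra = advertised - expected
    if extra:
        findings.append("advertised but not expected: " + ", ".join(sorted(extra)))
    missing = expected - advertised
    if missing:
        findings.append("expected but not advertised: " + ", ".join(sorted(missing)))
    return findings

# Constructed samples modelled on the /api/articles examples above.
POLICY = {"GET", "POST", "HEAD"}
OK_405 = audit("DELETE", 405, {"allow": "GET, POST, HEAD"}, POLICY)
BAD_405 = audit("DELETE", 405, {"allow": "GET, POST, HEAD, DELETE"}, POLICY)
NO_ALLOW = audit("DELETE", 405, {"content-type": "text/plain"}, POLICY)
```

An empty findings list means the advertised methods match the expected set for that response.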

Summary

The Allow response header provides essential information about the HTTP methods that can be used with a particular resource. By clearly communicating the supported operations, this header helps prevent unsuccessful requests and guides clients toward the proper use of the API or web service. When implementing RESTful APIs, properly setting the Allow header in responses to OPTIONS requests and 405 Method Not Allowed situations enhances the discoverability and usability of the service.