405 Method Not Allowed

HTTP 405 status code means a server doesn’t support the requested HTTP method.

For example, sending a POST request to the endpoint that only supports GET requests will trigger the HTTP 405 error.

When responding with this status code, the server might include the Allow header indicating supported HTTP methods.

Allow: GET, HEAD

Note that some firewalls and network ACLs might disable particular HTTP methods for increased security. OWASP recommends disabling the HTTP TRACE method because it can be used for the “Cross-Site Tracing (XST)” attack.

As of today, there are 9 available HTTP methods:

Trivia

HTTP/1.0 and HTTP/1.1 defined LINK and UNLINK HTTP methods, but they never gained a wide adoption (roughly speaking, LINK is an equivalent of a hyperlink in the HTTP realm).