405 Method Not Allowed

The HTTP 405 status code means a server doesn’t support the requested HTTP method.

For example, sending a POST request to the endpoint that only supports GET requests will trigger the HTTP 405 error.

When responding with this status code, the server might include the Allow header indicating supported HTTP methods.

Allow: GET, HEAD

Note that some firewalls and network ACLs might disable particular HTTP methods for increased security. The OWASP recommends disabling the HTTP TRACE method because it can be used for the “Cross-Site Tracing (XST)” attack.

As of today, there are 9 available HTTP methods:


HTTP/1.0 and HTTP/1.1 defined LINK and UNLINK HTTP methods, but they never gained wide adoption. Roughly speaking, LINK is an equivalent of a hyperlink in the HTTP realm, while UNLINK is for removing relations established by LINK.

Interested in no-nonsense technical guides?

No spyware, no promotional emails, or keyword-stuffed junk. I will only send you a single email when I've got something interesting to say. Unsubscribe anytime.

You can also subscribe to the Atom feed (it's like RSS, but better).