405 Method Not Allowed

The HTTP 405 status code means a server doesn’t support the requested HTTP method.

For example, sending a PATCH request to an endpoint that only supports GET requests will trigger the HTTP 405 error.

When responding with this status code, the server should include the Allow header, indicating supported HTTP methods (even though this is a requirement, not all websites abide by this rule).

Allow: GET, HEAD, POST

As of today, there are 9 available HTTP methods:

• HEAD
• GET
• POST
• PUT
• PATCH
• DELETE
• OPTIONS
• TRACE
• CONNECT

Note that some firewalls and network ACLs might disable particular HTTP methods for increased security. The OWASP recommends disabling the HTTP TRACE method because it can be used for the Cross-Site Tracing (XST) attack.

Try it yourself

Send a TRACE request method using -X, --request option in curl:

curl -X TRACE https://example.com

Trivia

HTTP/1.0 and HTTP/1.1 defined the LINK and UNLINK HTTP methods, but they never gained wide adoption. Roughly speaking, LINK is equivalent to a hyperlink in the HTTP realm, while UNLINK is for removing relations established by LINK.