The HTTP 405 status code means a server doesn’t support the requested HTTP method.
For example, sending a PATCH request to an endpoint that only supports GET requests will trigger the HTTP 405 error.
When responding with this status code, the server should include the
Allow header, indicating supported HTTP methods (even though this is a requirement, not all websites abide by this rule).
Allow: GET, HEAD, POST
As of today, there are 9 available HTTP methods:
Note that some firewalls and network ACLs might disable particular HTTP methods for increased security. The OWASP recommends disabling the HTTP TRACE method because it can be used for the Cross-Site Tracing (XST) attack.
Try it yourself
TRACE request method using
-X, --request option in curl:
curl -X TRACE https://example.com
HTTP/1.0 and HTTP/1.1 defined the LINK and UNLINK HTTP methods, but they never gained wide adoption. Roughly speaking, LINK is equivalent to a hyperlink in the HTTP realm, while UNLINK is for removing relations established by LINK.