The HTTP OPTIONS method is a type of HTTP request that is used to request information about the actions available for interacting with the target resource.
A HTTP request of this type is sent to determine the capabilities that the server has or what interaction is allowed with a specific resource, without having to commit to a particular action. When an asterisk
* is specified as the target, the HTTP OPTIONS request applies to the server in general instead of a specific resource. When a resource is specified, the HTTP request applies only to it.
The HTTP response will contain the HTTP header field Allow that lists the supported features.
The client can optionally include a Max-Forwards HTTP header, which effectively targets a specific server in the HTTP request chain. Proxy servers will forward this HTTP request header but will not generate it.
An HTTP OPTIONS request is not prohibited from having a message body. However, at this time, the specification does not define its format or use.
In this example, the client is interested in knowing whether it can write to the specified file. To determine this, it uses the HTTP OPTIONS request. The server responds with the 204 No Content status, which includes the Allow HTTP header.
Following the initial HTTP request, the client wants to know about the server in general, so a modified HTTP request is made and receives a slightly different HTTP response.
Ultimately, the client learns that the HTTP OPTIONS, GET, and HEAD methods are generally available and in addition, the HTTP POST method is available for the target resource.
Initial request to specific target
OPTIONS /news.html HTTP/1.1 Host: www.example.ai
Response to initial request
HTTP/1.1 204 No Content Allow: OPTIONS, GET, HEAD, POST
Second request to server in general
OPTIONS * HTTP/1.1 Host: www.example.ai
Response to second request
HTTP/1.1 204 No Content Allow: OPTIONS, GET, HEAD
The HTTP OPTIONS request method is useful for determining what commands are available for use on a target server or for a specific resource. This HTTP method is safe and idempotent, but not cacheable.