The HTTP OPTIONS method is used to describe the communication options for the target resource. Clients can send an HTTP OPTIONS request to find out HTTP methods and other options supported by a web server. If the request URI is an asterisk '*', the HTTP OPTIONS request is intended to apply to the server in general rather than to a specific resource.
Requests using the HTTP OPTIONS method should only retrieve data (server must not change its state). If you want to change data on the server, use POST, PUT, PATCH or DELETE methods.
The HTTP OPTIONS method is defined as idempotent, which means that multiple identical OPTIONS requests should have the same effect as a single request.
The following example demonstrates sending an HTTP OPTIONS request to the server:
And the server response:
The Allow response header contains a list of HTTP methods that may be used on the target resource.
Additional Cross-Origin Resource Sharing (CORS) headers may present in the server response if your target resource is located on another domain.
For security purposes, browsers usually send a 'preflight' OPTIONS request to the target server when you are sending data to another domain (cross-domain requests).