Requests using the HTTP OPTIONS method should only retrieve data (server must not change its state). If you want to change data on the server, use POST, PUT, PATCH or DELETE methods.
The HTTP OPTIONS method is defined as idempotent, which means that multiple identical OPTIONS requests should have the same effect as a single request.
The following example demonstrates sending an HTTP OPTIONS request to the server:
And the server response:
The Allow response header contains a list of HTTP methods that may be used on the target resource.
Additional Cross-Origin Resource Sharing (CORS) headers may present in the server response if your target resource is located on another domain.
For security purposes, browsers usually send a 'preflight' OPTIONS request to the target server when you are sending data to another domain (cross-domain requests).