What HTTP method is used for a CORS preflight request?
OPTIONS. The browser sends an OPTIONS request with Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with 204 No Content and the CORS headers.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in CORS Preflight Requests Explained
An HTTP OPTIONS request that the browser sends before the actual request, to check if the server allows it. It includes Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with the allowed methods, headers, and origins.
When the request is not 'simple': methods other than GET/POST/HEAD (PUT, DELETE, PATCH), custom headers (Authorization, X-Custom), or Content-Type application/json. Simple requests (GET, POST with form data) do not trigger a preflight.
A header that tells the browser how long (in seconds) to cache the preflight result. Within this period, subsequent requests to the same URL do not trigger a new preflight. Common values: 3600 (1 hour).
Still have questions?
Browse all our FAQs or reach out to our support team
