1
Run this test now.
Results
Chrome
Chromium
Firefox
Unknown Browser
Googlebot
IE
Maemo Browser
Opera
Safari
Chrome Mobile
Edge
Tested on
Chrome - 80 - Windows 10
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Chromium - 71 - Ubuntu
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Firefox - 67 - Ubuntu
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - The operation is insecure. |
| TRACK | Not Allowed - The operation is insecure. |
| TRACE | Not Allowed - The operation is insecure. |
| CUSTOM | Allowed |
Tested on
Unknown Browser - Unknown Version - Unknown OS
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Googlebot - 2.1 - undefined
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
IE - 10 - Windows 8
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - SecurityError |
| TRACK | Not Allowed - SecurityError |
| TRACE | Not Allowed - SecurityError |
| CUSTOM | Allowed |
Tested on
Maemo Browser - undefined - Linux
| HTTP Method | Is allowed? |
|---|---|
Tested on
Opera - 47 - Windows 10
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Safari - 7 - Mac OS X
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - SecurityError: DOM Exception 18 |
| TRACK | Not Allowed - SecurityError: DOM Exception 18 |
| TRACE | Not Allowed - SecurityError: DOM Exception 18 |
| CUSTOM | Allowed |
Tested on
Chrome Mobile - 41 - Android
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Edge - 17.17134 - Windows 10
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - SecurityError |
| TRACK | Not Allowed - SecurityError |
| TRACE | Not Allowed - SecurityError |
| CUSTOM | Allowed |
User Script (ENUM_FUNCTION)
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK. Reference: http://www.w3.org/TR/XMLHttpRequest/#request-method
// From the specs
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.
// http://www.w3.org/TR/XMLHttpRequest/#request-method
function test(data){
// We need to separate properties and access one by one.
try{
var xhr = new XMLHttpRequest();
xhr.open(data.toString(), '/test', true);
// At this stage, if we have an Exception, the header is not allowed.
addResult(data, 'Allowed');
}
catch(err){
addError(data, 'Not Allowed - '+ err.message);
}
}
Enum Data (ENUM_FUNCTION)
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
var data = ['HEAD', 'GET', 'POST', 'OPTIONS', 'PUT', 'DELETE', 'CONNECT', 'TRACK', 'TRACE', 'CUSTOM'];