1
Run this test now.
Results
Chrome
Chromium
Firefox
Unknown Browser
Googlebot
IE
Maemo Browser
Opera
Safari
Chrome Mobile
Edge
This browser ran the most recent scan
Tested on
Chrome - 102 - Windows 10
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Chromium - 71 - Ubuntu
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Firefox - 74 - Mac OS X
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - The operation is insecure. |
| TRACK | Not Allowed - The operation is insecure. |
| TRACE | Not Allowed - The operation is insecure. |
| CUSTOM | Allowed |
This browser ran the most recent scan
Tested on
Unknown Browser - Unknown Version - Unknown OS
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
Googlebot - 2.1 - undefined
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
Tested on
IE - 10 - Windows 8
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - SecurityError |
| TRACK | Not Allowed - SecurityError |
| TRACE | Not Allowed - SecurityError |
| CUSTOM | Allowed |
Tested on
Maemo Browser - undefined - Linux
| HTTP Method | Is allowed? |
|---|---|
This browser ran the most recent scan
Tested on
Opera - 78 - Windows 10
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
| TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
| TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
| CUSTOM | Allowed |
This browser ran the most recent scan
Tested on
Safari - 14.1.2 - Mac OS X
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - The operation is insecure. |
| TRACK | Not Allowed - The operation is insecure. |
| TRACE | Not Allowed - The operation is insecure. |
| CUSTOM | Allowed |
This browser ran the most recent scan
Tested on
Chrome Mobile - 99 - Android
| HTTP Method | Is allowed? |
|---|---|
| 1.12.3 | Allowed |
| 1.12.2 | Allowed |
| 1.10.2 | Allowed |
| 1.10.1 | Allowed |
| 1.10.0 | Allowed |
| 1.9.1 | Allowed |
| 1.9.0 | Allowed |
| 1.8.2 | Allowed |
| 1.8.1 | Allowed |
| 1.8.0 | Allowed |
| 1.7.2 | Allowed |
| 1.7.1 | Allowed |
| 1.7.0 | Allowed |
| 1.6.4 | Allowed |
| 1.6.3 | Allowed |
| 1.6.2 | Allowed |
| 1.6.1 | Allowed |
| 1.6.0 | Allowed |
| 1.5.2 | Allowed |
| 1.5.1 | Allowed |
| 1.5.0 | Allowed |
| 1.4.4 | Allowed |
| 1.4.3 | Allowed |
| 1.4.2 | Allowed |
| 1.4.1 | Allowed |
| 1.4.0 | Allowed |
| 1.3.2 | Allowed |
| 1.3.1 | Allowed |
| 1.3.0 | Allowed |
| 1.2.6 | Allowed |
| 1.2.3 | Allowed |
Tested on
Edge - 17.17134 - Windows 10
| HTTP Method | Is allowed? |
|---|---|
| HEAD | Allowed |
| GET | Allowed |
| POST | Allowed |
| OPTIONS | Allowed |
| PUT | Allowed |
| DELETE | Allowed |
| CONNECT | Not Allowed - SecurityError |
| TRACK | Not Allowed - SecurityError |
| TRACE | Not Allowed - SecurityError |
| CUSTOM | Allowed |
User Script (ENUM_FUNCTION)
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK. Reference: http://www.w3.org/TR/XMLHttpRequest/#request-method
// From the specs
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.
// http://www.w3.org/TR/XMLHttpRequest/#request-method
function test(data){
// We need to separate properties and access one by one.
try{
var xhr = new XMLHttpRequest();
xhr.open(data.toString(), '/test', true);
// At this stage, if we have an Exception, the header is not allowed.
addResult(data, 'Allowed');
}
catch(err){
addError(data, 'Not Allowed - '+ err.message);
}
}
Enum Data (ENUM_FUNCTION)
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
var data = ['HEAD', 'GET', 'POST', 'OPTIONS', 'PUT', 'DELETE', 'CONNECT', 'TRACK', 'TRACE', 'CUSTOM'];