HTTP Methods Supported by XHR

List all the supported XHR methods.

By
skeptic_fx 1 Seen 5059 times
Tags
xhr
Run this test now.

Results


This browser ran the most recent scan
Tested on
Chrome - 102 - Windows 10
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACKNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACENot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOMAllowed

Tested on
Chromium - 71 - Ubuntu
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACKNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACENot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOMAllowed

Tested on
Firefox - 74 - Mac OS X
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - The operation is insecure.
TRACKNot Allowed - The operation is insecure.
TRACENot Allowed - The operation is insecure.
CUSTOMAllowed

This browser ran the most recent scan
Tested on
Unknown Browser - Unknown Version - Unknown OS
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACKNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACENot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOMAllowed

Tested on
Googlebot - 2.1 - undefined
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACKNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACENot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOMAllowed

Tested on
IE - 10 - Windows 8
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - SecurityError
TRACKNot Allowed - SecurityError
TRACENot Allowed - SecurityError
CUSTOMAllowed

Tested on
Maemo Browser - undefined - Linux
HTTP MethodIs allowed?

This browser ran the most recent scan
Tested on
Opera - 78 - Windows 10
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACKNot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACENot Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOMAllowed

This browser ran the most recent scan
Tested on
Safari - 14.1.2 - Mac OS X
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - The operation is insecure.
TRACKNot Allowed - The operation is insecure.
TRACENot Allowed - The operation is insecure.
CUSTOMAllowed

This browser ran the most recent scan
Tested on
Chrome Mobile - 99 - Android
HTTP MethodIs allowed?
1.12.3Allowed
1.12.2Allowed
1.10.2Allowed
1.10.1Allowed
1.10.0Allowed
1.9.1Allowed
1.9.0Allowed
1.8.2Allowed
1.8.1Allowed
1.8.0Allowed
1.7.2Allowed
1.7.1Allowed
1.7.0Allowed
1.6.4Allowed
1.6.3Allowed
1.6.2Allowed
1.6.1Allowed
1.6.0Allowed
1.5.2Allowed
1.5.1Allowed
1.5.0Allowed
1.4.4Allowed
1.4.3Allowed
1.4.2Allowed
1.4.1Allowed
1.4.0Allowed
1.3.2Allowed
1.3.1Allowed
1.3.0Allowed
1.2.6Allowed
1.2.3Allowed

Tested on
Edge - 17.17134 - Windows 10
HTTP MethodIs allowed?
HEADAllowed
GETAllowed
POSTAllowed
OPTIONSAllowed
PUTAllowed
DELETEAllowed
CONNECTNot Allowed - SecurityError
TRACKNot Allowed - SecurityError
TRACENot Allowed - SecurityError
CUSTOMAllowed

User Script (ENUM_FUNCTION)

					
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.  Reference: http://www.w3.org/TR/XMLHttpRequest/#request-method 

// From the specs
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.
// http://www.w3.org/TR/XMLHttpRequest/#request-method

function test(data){
	// We need to separate properties and access one by one.
try{
    var xhr = new XMLHttpRequest();
    xhr.open(data.toString(), '/test', true);
    // At this stage, if we have an Exception, the header is not allowed.
    addResult(data,  'Allowed');
}

catch(err){
	addError(data,  'Not Allowed - '+ err.message);
}

}
					
				

Enum Data (ENUM_FUNCTION)

					
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

var data = ['HEAD', 'GET', 'POST', 'OPTIONS', 'PUT', 'DELETE', 'CONNECT', 'TRACK', 'TRACE', 'CUSTOM'];