🎉 Requestly joins BrowserStack to build the future of application testing. Read more

HTTP Headers

Access Control Request Method

HTTP Header

The HTTP Access-Control-Request-Method request header is utilized by browsers during a preflight request to inform the server about the HTTP method that will be employed when the actual request is sent.
This header is essential because the preflight request always uses an OPTIONS method and does not share the same HTTP method as the actual request.

Header typeRequest header
Forbidden request headerYes

Syntax

Access-Control-Request-Method: <method>

Directives

This section explains directives used in HTTP requests, often called methods. These methods define the action that the client wishes to perform on the server. Common methods include GET, POST, and DELETE, each serving different purposes in client-server communication.

Example

Access-Control-Request-Method: POST<br>

How to Modify Header using Requestly

Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the Access-Control-Request-Method header. This is especially useful for testing how your application handles CORS preflight requests and different HTTP methods during development or debugging. Steps to Modify the Access-Control-Request-Method Header:

  1. Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
  2. Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
  3. Add a new header modification:
    • Under “Action”, select “Add” or “Override”.
    • In the “Header Name” field, enter Access-Control-Request-Method.
    • In the “Header Value” field, enter the HTTP method you want to test (e.g., PUT).
  4. Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://your-api.com/*).
  5. Save the rule.

Once set up, Requestly will inject the modified Access-Control-Request-Method header into all matching preflight requests, allowing you to test how your server handles different HTTP methods in CORS scenarios. Modifying the Access-Control-Request-Method header helps you ensure that your server correctly supports different HTTP methods during cross-origin requests. This is important for debugging CORS issues and verifying that your API handles preflight checks as expected.