GET, HEAD, and OPTIONS requests are allowed by default. All other HTTP methods result in a 501 error. For full support of Cross-Origin Resource Sharing (CORS), you need to allow requests that use the OPTIONS method. If you're using the cors​Support behavior, do not disable OPTIONS requests. The response to an OPTIONS request is not cached, so the request always goes through the Akamai network to your origin, unless you use the construct​Response behavior to send responses directly from the Akamai network. See also the allow​Delete, allow​Patch, allow​Post, and allow​Put behaviors.


Set this to true to reflect the default policy where edge servers allow the OPTIONS method, without caching the response. Set this to false to deny OPTIONS requests and respond with a 501 error.