• Property Manager name: Allow OPTIONS
  • Behavior version: The v2023-01-05 rule format supports the allow_​options behavior v1.1.
  • Rule format status: GA, stable
  • Access: Read-write
  • Allowed in includes: Yes

GET, HEAD, and OPTIONS requests are allowed by default. All other HTTP methods result in a 501 error. For full support of Cross-Origin Resource Sharing (CORS), you need to allow requests that use the OPTIONS method. If you're using the cors​_support behavior, do not disable OPTIONS requests. The response to an OPTIONS request is not cached, so the request always goes through the Akamai network to your origin, unless you use the construct​_response behavior to send responses directly from the Akamai network. See also the allow​_delete, allow​_patch, allow​_post, and allow​_put behaviors.


Set this to true to reflect the default policy where edge servers allow the OPTIONS method, without caching the response. Set this to false to deny OPTIONS requests and respond with a 501 error.