How to Send an HTTP OPTIONS Request Using curl
This article provides a quick, practical guide on how to send an HTTP OPTIONS request using the curl command-line tool. You will learn the exact syntax to perform the request and how to retrieve the server’s response headers to identify supported HTTP methods and CORS policies.
The HTTP OPTIONS method is used to inspect the communication options
available for a target resource. To send an OPTIONS request using curl,
you specify the request method using the -X (or
--request) flag.
The Basic Command
To send a basic OPTIONS request, use the following command:
curl -X OPTIONS https://example.comViewing Response Headers
Because the OPTIONS method is used to query server capabilities, the
most valuable information is contained in the response headers. By
default, curl does not display these headers. Use the -i
(or --include) flag to display the response headers along
with the body:
curl -i -X OPTIONS https://example.comAlternatively, if you only want to see the headers and ignore the
response body entirely, use the -I (or --head)
flag combined with -X:
curl -X OPTIONS -I https://example.comSimulating a CORS Preflight Request
Web browsers automatically send OPTIONS requests as “preflight”
requests to check permissions before making actual cross-origin
requests. You can simulate this in curl by passing the appropriate CORS
headers using the -H flag:
curl -i -X OPTIONS https://example.com \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: Content-Type" \
-H "Origin: https://mydomain.com"Analyzing the Output
When inspecting the output of your OPTIONS request, look for these key headers:
- Allow: Lists the HTTP methods supported by the
server for that specific URL (e.g.,
GET, POST, OPTIONS). - Access-Control-Allow-Methods: Specifies the methods allowed when accessing the resource in a cross-origin context.
- Access-Control-Allow-Origin: Indicates which origin domains are permitted to access the resource.