Title: access-control-allow-methods OPTIONS Last modified: March 14, 2023 --- # access-control-allow-methods OPTIONS * Resolved [digiscrap](https://wordpress.org/support/users/digiscrap/) * (@digiscrap) * [3 years, 2 months ago](https://wordpress.org/support/topic/access-control-allow-methods-options/) * Hello, When I check the website @ securityheaders.com I see:access-control-allow- methods GET,PUT,POST,DELETEBut when I try to save the Widgets (on every WP website I host) I get the error:“Updating Failed. The Response is Not a Valid JSON ResponseHTTP/ 2 405 Method Not Allowed”. This appears only when I save the Widgets.To resolve this I need to add OPTION to the “access-control-allow-methods”. As far as I can find with friend Google… * Is this possible in your plugin? Is it save and/or is there maybe a wrong configuration on my server (VPS)? * Thank for any advice and help! Vincent Volmer * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Faccess-control-allow-methods-options%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 2 replies - 1 through 2 (of 2 total) * Thread Starter [digiscrap](https://wordpress.org/support/users/digiscrap/) * (@digiscrap) * [3 years, 2 months ago](https://wordpress.org/support/topic/access-control-allow-methods-options/#post-16558461) * I see the lines below two times in the securityheaders.com output. I tried to add OPTIONS in .htaccess and it appears only in the second part. Looks like it is adding twice? When I disable your plugin all is gone. So the plugin adds it 2 times with some different values (4th / last line). Maybe it is normal behavior, I don’t know. * access-control-allow-origin null access-control-allow-methods GET,PUT,POST,DELETEaccess- control-allow-headers Content-Type, Authorizationx-content-security-policy default- src ‘self’; img-src *; media-src * data:; * access-control-allow-origin null access-control-allow-methods GET,PUT,POST,DELETEaccess- control-allow-headers Content-Type, Authorizationx-content-security-policy img- src *; media-src * data:; * Thanks again for your help! Regards, Vincent - This reply was modified 3 years, 2 months ago by [digiscrap](https://wordpress.org/support/users/digiscrap/). * Thread Starter [digiscrap](https://wordpress.org/support/users/digiscrap/) * (@digiscrap) * [3 years, 2 months ago](https://wordpress.org/support/topic/access-control-allow-methods-options/#post-16583576) * Issue was caused by the server settings. Fixed. I found the information here: [https://forum.directadmin.com/threads/allowmethods-ah01623-client-method-denied-by-server-configuration-options.56310/#post-288513](https://forum.directadmin.com/threads/allowmethods-ah01623-client-method-denied-by-server-configuration-options.56310/#post-288513) * Its not an issue caused by the Headers Security Advanced & HSTS WP ! Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘access-control-allow-methods OPTIONS’ is closed to new replies. * ![](https://ps.w.org/headers-security-advanced-hsts-wp/assets/icon.svg?rev=3102785) * [Headers Security Advanced & HSTS WP](https://wordpress.org/plugins/headers-security-advanced-hsts-wp/) * [Frequently Asked Questions](https://wordpress.org/plugins/headers-security-advanced-hsts-wp/#faq) * [Support Threads](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/) * [Active Topics](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/unresolved/) * [Reviews](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/reviews/) * 2 replies * 1 participant * Last reply from: [digiscrap](https://wordpress.org/support/users/digiscrap/) * Last activity: [3 years, 2 months ago](https://wordpress.org/support/topic/access-control-allow-methods-options/#post-16583576) * Status: resolved