HTTP 405 Response Status Code Guide: What is it, Usage, Methods

May 29 2024 by Oskay Günaçar

What Is HTTP 405 Status Code?

The HTTP 405 Status Code also known as "Method Not Allowed," is a client error response code indicating that the request method is known by the server but has been disabled and cannot be used for the requested resource. For instance, if a client tries to use the POST method on a resource that only supports GET, the server will respond with a 405 status code.

Common Causes

  1. Incorrect HTTP Method: The client uses an HTTP method that is not allowed for the specified resource.
  2. Configuration Issues: Server or application configuration might disallow certain methods for specific resources.
  3. API Misuse: When an API endpoint only supports certain methods, and the client uses a different method.

Example

If a server only allows GET requests to a specific endpoint, and a client sends a POST request, the server would respond with:

HTTP/1.1 405 Method Not Allowed

Allow: GET

The Allow header lists the HTTP methods that are supported for the requested resource.

Importance of the HTTP 405 Status Code in SEO

The HTTP 405 status code is important for SEO because it helps improve crawl efficiency, prevents indexing of incorrect content, ensures proper site functionality, aids in error reporting and maintenance, enhances security, and provides guidance on allowed methods, all contributing to a better user experience and site health, which are crucial for higher search engine rankings.

The HTTP 405 Status Code ("Method Not Allowed") plays a significant role in SEO (Search Engine Optimization) for several reasons:

1. Improves Crawl Efficiency

Search engines use bots to crawl web pages and index content. When a bot encounters a 405 status code, it understands that the method it tried (like POST or DELETE) is not allowed and can move on to other URLs. This helps in efficiently using the crawl budget, ensuring that more relevant pages get crawled and indexed.

2. Prevents Indexing of Incorrect Content

By correctly implementing the 405 status code, you ensure that search engines do not attempt to index pages that are accessed using incorrect HTTP methods. This prevents potential indexing of error pages or unintended content, which can negatively impact your site's SEO.

3. Ensures Proper Site Functionality

Proper handling of HTTP methods ensures that users and bots experience your website as intended. A well-functioning site contributes to better user experience, lower bounce rates, and higher engagement metrics—all of which are positive signals for SEO.

4. Error Reporting and Maintenance

The 405 status code provides clear information about what went wrong in a request. This clarity aids webmasters in quickly identifying and fixing issues related to incorrect HTTP methods, thereby maintaining the site's health and performance. A well-maintained site is more likely to rank higher in search results.

5. Security

By returning a 405 status code for inappropriate methods, you can protect your site from certain types of malicious requests and bots attempting to exploit vulnerabilities. A secure site is trusted more by users and search engines, positively affecting SEO.

6. HTTP Headers and Allow Method

The 405 response typically includes an Allow header that lists the allowed methods for the requested resource. This helps in guiding both users and search engines about the correct usage of your resources, improving the understanding and proper interaction with your site.

How to Use HTTP 405 Status Code for a Website

To use the HTTP 405 status code effectively for a website, follow these steps:

1. Identify Allowed Methods for Each Endpoint

Define which HTTP methods (GET, POST, PUT, DELETE, etc.) are allowed for each resource or endpoint on your website. This is typically part of your API design or web application's route configuration.

2. Configure the Server

Ensure your server is set up to respond with a 405 status code when a client uses an incorrect HTTP method. Here’s how you can do it in different server configurations:

Apache

In Apache, you can use the LimitExcept directive within a <Directory>, <Location>, or <Files> block in your .htaccess file or server configuration file:

<LimitExcept GET POST>
    Order allow,deny
    Deny from all
</LimitExcept>

This configuration allows only GET and POST methods and denies all others, which would result in a 405 response.

Nginx

In Nginx, you can use the limit_except directive in your server block:

location /your-endpoint {
    limit_except GET POST {
        deny all;
    }
}

This configuration also limits allowed methods to GET and POST, returning a 405 for any other method.

3. Handle HTTP Methods in Application Code

Ensure your web application correctly handles HTTP methods. For example, in a Node.js/Express application:

app.get('/your-endpoint', function(req, res) {

    // Handle GET request
});

app.post('/your-endpoint', function(req, res) {
    // Handle POST request
});

app.all('/your-endpoint', function(req, res) {
    res.status(405).send('Method Not Allowed');
});

In this example, any method other than GET or POST will receive a 405 response.

4. Set the Allow Header

When sending a 405 response, include the Allow header to inform clients which methods are supported. This can be done in your application code. For example, in Node.js/Express:

app.all('/your-endpoint', function(req, res) {
    res.set('Allow', 'GET, POST');
    res.status(405).send('Method Not Allowed');
});

5. Test Your Configuration

After setting up your server and application, test the endpoints with different HTTP methods to ensure they respond correctly with the 405 status code when an unsupported method is used.

How to Check HTTP 405 Status Code?

To check if your server correctly responds with an HTTP 405 status code, you can use several methods, including command-line tools, browser developer tools, and online services. Here are the steps for each method:

1. Using cURL (Command-Line Tool)

cURL is a powerful command-line tool for making HTTP requests. You can use it to send a request with an unsupported method to your server and check the response.

curl -X DELETE http://yourwebsite.com/your-endpoint

Replace DELETE with any method that is not supported by the endpoint. The response will include the HTTP status code.

2. Using Postman

Postman is a popular tool for testing APIs.

  1. Open Postman.
  2. Enter the URL of your endpoint.
  3. Select an HTTP method that is not allowed for the endpoint (e.g., PUT, DELETE).
  4. Click "Send."
  5. Check the response status code in the Postman interface. It should be 405 if the method is not allowed.

3. Using Browser Developer Tools

Most modern web browsers have built-in developer tools that allow you to inspect HTTP responses.

  1. Open your browser (Chrome, Firefox, etc.).
  2. Open Developer Tools (usually by right-clicking on the page and selecting "Inspect" or pressing F12).
  3. Go to the "Network" tab.
  4. Make a request using a method that is not allowed (e.g., using a form submission with a method not supported).
  5. Check the network log for the request and inspect the response status code.

4. Using Online Services

Several online tools can test HTTP responses, such as ReqBin, HTTP Status Code Checker, and others.

  1. Go to an online HTTP status checker (e.g. https://techseohub.com/status-checker).
  2. Enter the URL of your endpoint.
  3. Send the request and check the response status code.

HTTP status code checker tools usually check with the GET method, but there are online tools that allow you to diversify this.

5. Using a Script

If you prefer scripting, you can use languages like Python to send HTTP requests and check the response.

import requests

url = 'http://yourwebsite.com/your-endpoint'
response = requests.delete(url)  # Using DELETE as an example of an unsupported method

print(response.status_code)

This script will print the status code of the response, which should be 405 if the method is not allowed.

Best Practices for Handling HTTP 405 Status Code

Handling the HTTP 405 status code effectively involves implementing best practices that enhance the user experience, improve security, and maintain application robustness. Here are some best practices:

1. Clearly Define Allowed Methods

  • Ensure that each endpoint explicitly specifies the HTTP methods it supports (e.g., GET, POST, PUT, DELETE).
  • Use configuration files or code annotations to define allowed methods.

2. Use Proper Server Configuration

  • Apache: Utilize the LimitExcept directive to restrict methods. 
    <LimitExcept GET POST>
    Order allow,deny
    Deny from all
</LimitExcept>
  • Nginx: Use the limit_except directive to control access. 
    location /your-endpoint {
    limit_except GET POST {
        deny all;
    }
}

3. Application-Level Handling

  • In your application code, handle unsupported methods explicitly and return a 405 status code.

    Example in Node.js/Express:

    app.get('/your-endpoint', (req, res) => {
        // Handle GET request
    });

    app.post('/your-endpoint', (req, res) => {
        // Handle POST request
    });

    app.all('/your-endpoint', (req, res) => {
        res.set('Allow', 'GET, POST');
        res.status(405).send('Method Not Allowed');
    });

4. Include the Allow Header

  • When sending a 405 response, include the Allow header to inform clients of the supported methods. 
    res.set('Allow', 'GET, POST');
res.status(405).send('Method Not Allowed');

5. Detailed Error Messages

  • Provide clear and concise error messages to help clients understand why the request was rejected. 
    res.status(405).json({ error: 'Method Not Allowed', message: 'Use GET or POST for this endpoint.' });

6. Logging and Monitoring

  • Log all 405 responses to monitor and analyze incorrect method usage.
  • Use logging tools and services to track these events and gather insights for improving your API or web application.

7. Testing and Validation

  • Regularly test your endpoints to ensure they correctly handle unsupported methods.
  • Use automated tests to validate that 405 responses are returned as expected.

8. Security Considerations

  • Be mindful of security implications and ensure that your server does not expose unnecessary methods that could be exploited.
  • Regularly review and update your method handling policies as part of your security practices.

9. Documentation

  • Document the supported methods for each endpoint in your API documentation.
  • Make it clear to users which methods are allowed and provide examples of correct usage.

10. Graceful Degradation

  • If possible, provide alternative suggestions or guidance when a 405 response is triggered, helping users to correct their requests.

Conclusion

The HTTP 405 status code, "Method Not Allowed," is a vital aspect of web server and application management, ensuring that only supported HTTP methods are used for accessing resources. Properly implementing and handling this status code enhances your website's security, improves crawl efficiency, and ensures a better user experience, all of which contribute to improved SEO and overall site health. By clearly defining allowed methods, configuring your server and application correctly, providing detailed error messages, and including the Allow header, you can effectively manage HTTP method constraints. Additionally, regular testing, logging, and documentation are essential best practices that help maintain robustness and security. Ultimately, correctly handling HTTP 405 responses helps create a more secure, efficient, and user-friendly web environment.

Oskay Günaçar
Oskay Günaçar is a Technical SEO expert and backend developer. His main areas of interest are back-end programming, Python, Django, Go, semantic SEO, technical SEO. With more than 5 years of SEO experience, he has held SEO specialist positions at İkiler, Webtures, Boosmart, and Storyly.io companies, and has been involved in numerous projects as an outsourced expert. Through the TechSEOHub website, he aims to share the expertise and experience he has gained from managing and developing (SEO) processes for many successful and large websites in the industry, and to produce content for easy access to accurate and high-quality information.