This entity header lists down the set of methods that are supported by a resource.The Allow header should be sent when the server responds with a “405 Method Not Allowed” status code to indicate which request methods can be used. If for example, an “Allow” header which is empty points out to the fact that the resource doesn’t allow any sort of request methods that might occur temporarily for a given resource.
The main idea behind this header is to inform or let know the recipient strictly of all the valid methods those are associated with a specific resource.
This header can’t by any means prevent a client from trying out all the other methods. Nonetheless, all the indications that are given by the values of this header must be taken into consideration and duly followed. The real or actual set of all the methods that are allowed is defined by origin server while the time of each request that is being made.
The header, “Allow” might be given or provided along with a PUT request so as to recommend whatsoever methods that has to be supported by a new or a modified resource. There is no requirement for the server to support those methods and must thereby include “Allow” header in the response while providing the actual set of supported methods.
A proxy should never modify this header even though it doesn’t understand or comprehend all methods specified. This is because the user may have other ways of interacting with origin server.