I am building a RESTful API. When the client uses an unsupported method such as GET on a resource that does not support it, I am returning a 405 with the Allow header, which lists the allowed methods:
Response
Status Code: 405 Method Not Allowed
Allow: DELETE, PUT, POST
Connection: keep-alive
Date: Mon, 08 Apr 2013 00:19:26 GMT
Fortify displays insecure HTTP method(s) on the web server. How does Fortify determine insecure HTTP methods?