Add 405 FAQ and changelog for /cdn-cgi/rum

MildMax · MildMax · commit aa0347a351be · 2026-05-13T12:00:21.000-04:00
diff --git a/src/content/changelog/web-analytics/2026-05-13-rum-405-method-not-allowed.mdx b/src/content/changelog/web-analytics/2026-05-13-rum-405-method-not-allowed.mdx
@@ -0,0 +1,15 @@
+---
+title: "/cdn-cgi/rum endpoint now returns 405 for non-POST requests"
+description: The /cdn-cgi/rum beacon endpoint now returns 405 Method Not Allowed instead of 404 when called with an unsupported HTTP method.
+date: 2026-05-13
+products:
+  - web-analytics
+---
+
+The `/cdn-cgi/rum` beacon endpoint now returns `405 Method Not Allowed` for non-POST requests instead of `404 Not Found`. The response includes an `Allow: POST, OPTIONS` header per [RFC 9110 §15.5.6](https://www.rfc-editor.org/rfc/rfc9110#section-15.5.6).
+
+Previously, sending a `GET` or other non-POST request to this endpoint returned a `404`, which was misleading because it suggested the endpoint did not exist. The new `405` response clearly indicates that the endpoint exists but only accepts `POST` requests.
+
+The Web Analytics beacon (`beacon.min.js`) already uses `POST` for all metric submissions, so this change does not affect normal beacon operation. `OPTIONS` requests for CORS preflight continue to work as before.
+
+For more information, refer to the [Web Analytics FAQ](/web-analytics/faq/#why-am-i-getting-a-405-method-not-allowed-error-from-cdn-cgirum).
diff --git a/src/content/docs/web-analytics/faq.mdx b/src/content/docs/web-analytics/faq.mdx
@@ -52,6 +52,14 @@ Since only one JS snippet can be rendered and used per page, you cannot have mul
 
 If you have a `Cache-Control` header set to `public, no-transform`, Cloudflare proxy will not be able to modify the original payload of the website. Therefore, the Beacon script will not be automatically injected to your site, and Web Analytics will not work. Refer to [Origin cache control](/cache/concepts/cache-control/) for more information.
 
+### Why am I getting a `405 Method Not Allowed` error from `/cdn-cgi/rum`?
+
+The `/cdn-cgi/rum` endpoint only accepts `POST` requests for data ingestion. If you send a request using any other HTTP method (for example, `GET`, `PUT`, or `DELETE`), the endpoint returns a `405 Method Not Allowed` response with an `Allow: POST, OPTIONS` header.
+
+The Web Analytics beacon (`beacon.min.js`) always uses `POST` when reporting metrics. If you see `405` errors in your logs, the requests are not coming from the beacon itself.
+
+No action is required unless you are making custom requests to this endpoint. If you are, ensure your implementation uses the `POST` method. `OPTIONS` requests (CORS preflight) are also supported and will continue to work normally.
+
 ---
 
 ## Setup
