diff --git a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
index 29ef01f..3af2d5d 100644
--- a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
+++ b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
@@ -26,6 +26,7 @@ import java.util.regex.Pattern;
 import com.google.common.base.Joiner;
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
 
@@ -33,6 +34,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 final class CrossOriginResourceSharing {
+    public static final Collection<String> SUPPORTED_METHODS =
+            ImmutableList.of("GET", "PUT", "POST", "HEAD");
+
     private static final String HEADER_VALUE_SEPARATOR = ", ";
     private static final String ALLOW_ANY_HEADER = "*";
 
@@ -47,7 +51,7 @@ final class CrossOriginResourceSharing {
 
     protected CrossOriginResourceSharing() {
         // CORS Allow all
-        this(Lists.newArrayList(".*"), Lists.newArrayList("GET", "PUT", "POST"),
+        this(Lists.newArrayList(".*"), SUPPORTED_METHODS,
                 Lists.newArrayList(ALLOW_ANY_HEADER));
     }
 
diff --git a/src/main/java/org/gaul/s3proxy/S3Proxy.java b/src/main/java/org/gaul/s3proxy/S3Proxy.java
index ffd10e5..8edcd4f 100644
--- a/src/main/java/org/gaul/s3proxy/S3Proxy.java
+++ b/src/main/java/org/gaul/s3proxy/S3Proxy.java
@@ -22,9 +22,11 @@ import static com.google.common.base.Preconditions.checkArgument;
 
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Collection;
 import java.util.Objects;
 import java.util.Properties;
 
+import com.google.common.base.Joiner;
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
@@ -256,6 +258,18 @@ public final class S3Proxy {
                 Splitter splitter = Splitter.on(" ").trimResults()
                         .omitEmptyStrings();
 
+                //Validate configured methods
+                Collection<String> allowedMethods = Lists.newArrayList(
+                        splitter.split(corsAllowMethods));
+                allowedMethods.removeAll(
+                        CrossOriginResourceSharing.SUPPORTED_METHODS);
+                if (!allowedMethods.isEmpty()) {
+                    throw new IllegalArgumentException(
+                        S3ProxyConstants.PROPERTY_CORS_ALLOW_METHODS +
+                        " contains not supported values: " + Joiner.on(" ")
+                        .join(allowedMethods));
+                }
+
                 builder.corsRules(new CrossOriginResourceSharing(
                         Lists.newArrayList(splitter.split(corsAllowOrigins)),
                         Lists.newArrayList(splitter.split(corsAllowMethods)),