# Object Storage API, Amazon S3-compatible REST: options

Checks whether a [CORS request](../../../concepts/cors.md) to an object can be made.

For more information on getting started with the API and the general request format, see [How to use the S3 API](../../index.md).

## Request {#request}

```http
OPTIONS /{bucket}/{key} HTTP/2
```

### Path parameters {#path-parameters}

Parameter | Description
----- | -----
`bucket` | Bucket name.
`key` | Object key, which is the ID the object is saved with in Object Storage.

### Headers {#request-headers}

Header | Description
--------- | --------
`Origin` | Request source domain.<br/><br/>For example, `http://www.example.com`.<br/><br/>Required.
`Access-Control-Request-Method` | HTTP method to use when sending a request to a resource.<br/><br/>Required.
`Access-Control-Request-Headers` | List of headers to send in a subsequent request to the object. Headers are separated by commas.<br/><br/>Optional.

Make sure to also use the required [common headers](../common-request-headers.md).

## Response {#response}

### Headers {#response-headers}

In addition to [common headers](../common-response-headers.md), responses may contain:

Header | Description
--------- | --------
`Access-Control-Allow-Origin` | Domain provided in the `Origin` request header.<br/><br/>If the [CORS configuration](../cors/upload.md#request-scheme) has the `AllowedOrigin` element set to `*`, the `Access-Control-Allow-Origin` header value will also be `*`.<br/><br/>If access from the domain is denied, Object Storage will return error 403 and there will be no `Access-Control-*` headers.
`Access-Control-Max-Age` | Allowed response caching time, in seconds.
`Access-Control-Allow-Methods` | Allowed request methods. If there are no allowed methods, Object Storage will return error 403 and there will be no `Access-Control-*` headers present.
`Access-Control-Allow-Headers` | List of HTTP headers that can be used in a subsequent request to the object. If there are no headers allowed, this header is not included in a response.
`Access-Control-Expose-Headers` | List of HTTP headers the JavaScript client will receive.

### Response codes {#response-codes}

The method returns the following:

- 200: If requests to the object are allowed.
- 403: If requests to the object are not allowed.

For a detailed description of response codes, see [Responses](../response-codes.md).
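
The following Python sketch builds the preflight request and checks a response against the header and status tables above. It is an added example, not code from the Object Storage documentation or any SDK: `build_preflight` and `evaluate_preflight` are hypothetical helper names, and the bucket, key and sample responses are constructed.

```python
# Added example: bucket, key, origin and response values are constructed.
def build_preflight(bucket, key, origin, method, request_headers=()):
    """Request line and headers for the OPTIONS request described on this page."""
    headers = {"Origin": origin, "Access-Control-Request-Method": method}
    if request_headers:  # optional header, comma-separated list
        headers["Access-Control-Request-Headers"] = ", ".join(request_headers)
    return f"OPTIONS /{bucket}/{key} HTTP/2", headers

def _csv(value):
    """Split a comma-separated header value into a lower-cased set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def evaluate_preflight(status, response_headers, origin, method, request_headers=()):
    """Return (allowed, findings) for a preflight response."""
    cors = {k.lower(): v for k, v in response_headers.items()
            if k.lower().startswith("access-control-")}
    if status == 403:  # denied: no Access-Control-* headers are expected
        return False, (["403 response carries Access-Control-* headers"] if cors else [])
    if status != 200:
        return False, [f"unexpected status {status}"]
    blocking, notes = [], []
    allow_origin = cors.get("access-control-allow-origin", "")
    if allow_origin == "*":
        notes.append("wildcard origin: AllowedOrigin is * in the CORS configuration")
    elif allow_origin != origin:
        blocking.append(f"Allow-Origin {allow_origin!r} does not match {origin!r}")
    if method.lower() not in _csv(cors.get("access-control-allow-methods", "")):
        blocking.append(f"method {method} not in Access-Control-Allow-Methods")
    allowed_headers = _csv(cors.get("access-control-allow-headers", ""))
    missing = {h.lower() for h in request_headers} - allowed_headers
    if missing and "*" not in allowed_headers:
        blocking.append("headers not allowed: " + ", ".join(sorted(missing)))
    return not blocking, blocking + notes

# Constructed sample responses (not captured from a real bucket).
SAMPLE_OK = (200, {"Access-Control-Allow-Origin": "*",
                   "Access-Control-Allow-Methods": "GET, PUT",
                   "Access-Control-Allow-Headers": "content-type",
                   "Access-Control-Max-Age": "3000"})
SAMPLE_DENIED = (403, {"Content-Type": "application/xml"})

if __name__ == "__main__":
    origin = "http://www.example.com"
    print(build_preflight("my-bucket", "photos/cat.png", origin, "PUT", ["Content-Type"]))
    for status, headers in (SAMPLE_OK, SAMPLE_DENIED):
        print(status, evaluate_preflight(status, headers, origin, "PUT", ["Content-Type"]))
```

A wildcard `Access-Control-Allow-Origin` is reported as a note rather than a failure, so a CORS review can list buckets whose configuration sets `AllowedOrigin` to `*` without treating the preflight as denied.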

#### Related articles {#related-articles}

* [Object](../../../concepts/object.md)

* [Configuring CORS](../../../operations/buckets/cors.md)

#### See also {#see-also}

* [Getting started with the AWS S3 API in Yandex Object Storage](../../s3-api-quickstart.md)

* [Debugging requests using the AWS CLI](../../signing-requests.md#debugging)

* [Example of sending a signed request using curl](../../../api-ref/authentication.md#s3-api-example)

* [Code example for generating a signature](../../../concepts/pre-signed-urls.md#code-examples)