diff --git a/files/en-us/web/http/headers/access-control-allow-methods/index.md b/files/en-us/web/http/headers/access-control-allow-methods/index.md
index d9d79b6476c3102..a42f0101d608a35 100644
--- a/files/en-us/web/http/headers/access-control-allow-methods/index.md
+++ b/files/en-us/web/http/headers/access-control-allow-methods/index.md
@@ -32,7 +32,7 @@ Access-Control-Allow-Methods: *
 ## Directives
 
 - `<method>`
-  - : A comma-separated list of the allowed request methods.
+  - : A comma-separated list of the allowed request methods. `GET`, `HEAD`, and `POST` are always allowed, regardless of whether they are specified in this header, as they are defined as [CORS-safelisted method](https://fetch.spec.whatwg.org/#cors-safelisted-method)s.
 - `*` (wildcard)
   - : All HTTP methods.
     It has this meaning only for requests without credentials (requests without [HTTP cookies](/en-US/docs/Web/HTTP/Cookies) or HTTP authentication information). In requests with credentials, it is
@@ -41,7 +41,7 @@ Access-Control-Allow-Methods: *
 ## Examples
 
 ```http
-Access-Control-Allow-Methods: GET, POST
+Access-Control-Allow-Methods: PUT, DELETE
 Access-Control-Allow-Methods: *
 ```