diff --git a/src/index.ts b/src/index.ts
index f04b641..44a767a 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -9,6 +9,17 @@ export { RulesCache };
 
 export default {
 	async fetch(request, env, ctx): Promise<Response> {
+		if (request.method !== "GET" && request.method !== "DELETE") {
+			return new Response("Method not allowed", {
+				status: 405,
+				headers: {
+					"Allow": "GET, DELETE",
+					"Content-Type": "text/plain",
+					"Access-Control-Allow-Origin": "*",
+				}
+			});
+		}
+
 		const url = new URL(request.url);
 		const targetUrl = url.searchParams.get("url");
 
diff --git a/test/index.spec.ts b/test/index.spec.ts
index 7cec597..a250137 100644
--- a/test/index.spec.ts
+++ b/test/index.spec.ts
@@ -188,4 +188,21 @@ describe("URL Cleaner worker", () => {
 		expect(deleteResponse.status).toBe(404);
 		expect(await deleteResponse.text()).toBe("Cache entry not found");
 	});
+
+	it("returns 405 for unsupported HTTP methods", async () => {
+		const testUrl = "https://example.com?utm_source=test";
+
+		const postResponse = await SELF.fetch(`https://example.com/?url=${encodeURIComponent(testUrl)}`, {
+			method: "POST",
+		});
+		expect(postResponse.status).toBe(405);
+		expect(postResponse.headers.get("Allow")).toBe("GET, DELETE");
+		expect(await postResponse.text()).toBe("Method not allowed");
+
+		const putResponse = await SELF.fetch(`https://example.com/?url=${encodeURIComponent(testUrl)}`, {
+			method: "PUT",
+		});
+		expect(putResponse.status).toBe(405);
+		expect(await putResponse.text()).toBe("Method not allowed");
+	});
 });