diff --git a/tests/py/test_identity_pages.py b/tests/py/test_identity_pages.py
index b7b414ba78..be5a25c4ea 100644
--- a/tests/py/test_identity_pages.py
+++ b/tests/py/test_identity_pages.py
@@ -48,6 +48,9 @@ def test_il_is_200_for_admin(self):
 
     # ip - identity page
 
+    def test_ip_disallows_methods(self):
+        assert self.client.hxt('HEAD', '/~bob/identities/TT').code == 405
+
     def test_ip_is_403_for_anon(self):
         assert self.client.GxT('/~bob/identities/TT').code == 403
 
diff --git a/www/~/%username/identities/%country.spt b/www/~/%username/identities/%country.spt
index ce83d7a9b4..ec15c82f1d 100644
--- a/www/~/%username/identities/%country.spt
+++ b/www/~/%username/identities/%country.spt
@@ -2,6 +2,7 @@ from aspen import Response
 from gratipay.utils import get_participant
 from gratipay.models.country import Country
 [---]
+request.allow('GET', 'POST')
 participant = get_participant(state, restrict=True)
 
 # hard-code HR auth group for Team Gratipay O.O