When using Artifactory Enterprise 6.7.6 rev 60706900 at $WORK, I tried a:
curl --verbose -H auth_stuff -T xxxfilexxx https://host/path/
And got a 405 "Method not allowed" response, but no Allow header (actually no headers displayed).
[...] The origin server MUST generate an Allow header field in a 405 response containing a list of the target resource's currently supported methods.
I've done this several times. The curl verbose output indicates it's switching to HTTP/2, in case that matters. (Perhaps that's why no response headers at all are displayed in this case?)