Detect enabled HTTP TRACE methods

Detect enabled HTTP TRACE methods Detail

Information disclosed from this page can be used to gain additional information about the target system.

The HTTP TRACE method is designed for diagnostic purposes. If it is enabled, the web server responds to a TRACE request by echoing, in the response body, the exact request it received. This behavior is often harmless, but it occasionally discloses sensitive information such as internal authentication headers appended by reverse proxies. This functionality could historically be used to bypass the HttpOnly flag on cookies, but this is no longer possible in modern web browsers.

Some Advice for Common Problems

The TRACE method should be disabled on production web servers.
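
To confirm that TRACE is really off, and to see what an enabled server would have leaked, the following added example (not part of the original page or of any scanner's code) sends a TRACE request carrying a random canary header and reports any echoed headers the client never sent. The header name `x-trace-canary`, the function names and the sample response are assumptions constructed for illustration.

```python
import http.client
import secrets

CANARY = "x-trace-canary"  # hypothetical header name chosen for this example

def analyze_trace_echo(status, body, sent_headers):
    """Decide whether TRACE echoed our request; list headers we never sent."""
    lines = body.replace("\r\n", "\n").split("\n")
    echoed = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the echoed header block
        name, sep, value = line.partition(":")
        if sep:
            echoed[name.strip().lower()] = value.strip()
    sent = {k.lower(): v for k, v in sent_headers.items()}
    # Enabled only if the body is our own request reflected back, canary intact.
    # A 200 that serves the normal page (TRACE treated like GET) does not count.
    enabled = (status == 200 and lines[0].upper().startswith("TRACE ")
               and CANARY in sent and echoed.get(CANARY) == sent[CANARY])
    # Echoed headers the client did not send were appended by an intermediary.
    added = sorted(k for k in echoed if k not in sent) if enabled else []
    return {"trace_enabled": enabled, "added_in_transit": added}

def probe(host, port=80, use_tls=False, path="/", timeout=5):
    """Send one TRACE request and analyze the reply."""
    # Host and Accept-Encoding are set explicitly so http.client adds nothing
    # on its own that would later look like a proxy-added header.
    sent = {"Host": host, "Accept-Encoding": "identity",
            CANARY: secrets.token_hex(8)}
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers=sent)
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return analyze_trace_echo(resp.status, body, sent)
    finally:
        conn.close()

# Constructed sample: a TRACE echo from behind a proxy that adds headers.
SAMPLE_SENT = {"Host": "app.example", "Accept-Encoding": "identity", CANARY: "c0ffee"}
SAMPLE_BODY = ("TRACE / HTTP/1.1\r\nHost: app.example\r\nAccept-Encoding: identity\r\n"
               "x-trace-canary: c0ffee\r\nX-Internal-Auth: constructed-value\r\n"
               "X-Forwarded-For: 203.0.113.7\r\n\r\n")

if __name__ == "__main__":
    print(analyze_trace_echo(200, SAMPLE_BODY, SAMPLE_SENT))
```

A non-empty `added_in_transit` list names the headers an intermediary attached before the request reached the origin; after TRACE is disabled, the same probe should return `trace_enabled: False`.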
