Detect enabled HTTP TRACE methods

Information disclosed from this page can be used to gain additional information about the target system.

Short Info

Level

Low

Single Scan

Can be used by

Everyone

Estimated Time

10 second

Time Interval

3 day

Scan only one

Url

Toolbox

-

The HTTP TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests that use the TRACE method by echoing in its response the exact request that was received. This behavior is often harmless, but occasionally leads to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. This functionality could historically be used to bypass the HttpOnly cookie flag on cookies, but this is no longer possible in modern web browsers.

Get started to protecting your Free Full Security Scan

Start trial See the plans

Detect enabled HTTP TRACE methods

Short Info

Low

Single Scan

Everyone

10 second

3 day

Url

-

Detail

Solution Advice

Category