Disable HTTP trace
The HTTP TRACE method echoes the string that was sent to the server back to the client. It is used mainly for debugging purposes, but can also be used for a cross-site tracing (XST) attack.
You can configure an intermediary HTTP server to prevent a cross-site tracing (XST) attack.
For example, in IBM® HTTP Server you can use the TraceEnable directive in the httpd.conf file to disable HTTP trace.