Sucuri Docs > Warnings > Hardening > HTTP Trace Method

HTTP Trace Method

In order to improve the security of your site (and your users), you should disable the TRACE
method from your web server. This method has no real-life usage and can be misused for XST (cross-site tracing) attacks.

That is how you can disable it on Apache (via .htaccess):

  RewriteEngine On 
  RewriteRule .* - [F]

These documents explain it in detail:

Sucuri Customers

Note that all WAF users are already protected against it.

If you have any questions, please contact our research team at

Was this article helpful?