The HTTP TRACE method is used to debug web server connections by returning the full HTTP request to the client for proxy-debugging purposes.

Normally, the recipient of the request is the origin server; the TRACE message also goes back toward the client if the value of the Max-Forwards request header is zero (Max-Forward: 0).

Why use TRACE

After sending HTTP requests they leave the client and a human collect screen captures only a while after responses are already received. So, HTTP traces are to be collected for HTTP traffic recording if an investigation is needed.

TRACE-ing Risk

Processing a TRACE request skips authorization verification. This increases the risk of stealing information, including cookies and possibly website credentials.

TRACE Example

TRACE Request Example to ReqBin
TRACE /echo HTTP/1.1