It has been observed that the OPTIONS http method is accepted by application.
It has been observed that the OPTIONS http method is accepted by application. Using Burpsuite, craft a request using the OPTIONS HTTP method. It can be seen that the method has been enabled on the server and gives us the list of other methods enabled on the server.
The OPTIONS method only tells you which methods are available. Its not a vulnerability as much as its a shortcut to trying out all the methods one by one. As long as we have TRACE disabled, we are fine.