top of page
Writer's pictureprashant singh

Insecure HTTP Methods Enabled


Attacker sends a request of type "OPTIONS" to the Web server of your application to determine what HTTP methods are supported by the server. Allow: HEAD, GET, PUT, POST, DELETE, TRACE, OPTIONS

The header Allow includes a list of supported HTTP methods.

Application is insecure if Allow header contains methods such as DELETE or PUT.

52 views0 comments

Recent Posts

See All

コメント


bottom of page