TRACE is a diagnostic method that echoes back how a request is transformed as it passes through proxies and gateways. The server returns the received request in the body (an echo).
Use `Max-Forwards` to limit hops along the path. It is theoretically useful for debugging, but in practice most servers block TRACE with 405 due to a security risk (Cross-Site Tracing, XST).
Sensitive auth headers can be exposed in the echo, so disabling it in production is the standard recommendation.
TRACE / HTTP/1.1
Host: example.com
Max-Forwards: 2HTTP/1.1 200 OK
Content-Type: message/http
TRACE / HTTP/1.1
Host: example.comcurl -X TRACE https://example.com/ -i # 대개 405로 비활성화됨