HTTP TRACE / TRACK Methods Allowed (Security Vulnerability)

Hi

We have a site (https://app.lazyapply.com) and we have opted for CASA tier 2 verification. For that, we have done DSAT testing on our application and found out that there is a proxy disclosure alert on attack (TRACE, OPTIONS methods with ‘Max-Forwards’ header. TRACK method.)

So I request you to disable Trace / Track method for my site so that this vulnerability can be fixed.

Link for DSAT scan result with ZAP on app.lazyapply.com

We’ve responded to your ticket in the helpdesk.

I have the same problem as the example above. How can I solve the problem related to disabling the Trace / Track method?

This was the response in the helpdesk to which we never received a reply:

Please provide proof of vulnerability. Having TRACE and TRACK methods is not a vulnerability. Is there a proof of exploit?

Having those methods is required as they can be used by various websites, and are also used in Netlify Functions. With that being said, if you run any further tests without getting written permission from our end, it would lead to an account suspension.