TRACE and CONNECT — Diagnostic and Tunnel Methods

Understand the rarely used TRACE and CONNECT HTTP methods for diagnostics and establishing proxy tunnels.

Unsafe Methods

Detailed Explanation

TRACE: Request Echo for Diagnostics

The TRACE method asks the final recipient to reflect the request it received back to the client, as the body of a 200 response with Content-Type message/http. A TRACE request carries no body, and the Max-Forwards header can limit how many hops it travels before being answered. Its diagnostic value is showing what intermediaries (proxies, load balancers) added, changed, or removed on the way to the origin.

TRACE Example

TRACE /test HTTP/1.1
Host: api.example.com
X-Custom-Header: test-value

HTTP/1.1 200 OK
Content-Type: message/http

TRACE /test HTTP/1.1
Host: api.example.com
X-Custom-Header: test-value
Via: 1.1 proxy.example.com

The echoed copy contains a Via header the client never sent: a proxy between the client and the origin added it, and TRACE makes that visible.

Security Concerns with TRACE

TRACE is disabled on most production servers because of Cross-Site Tracing (XST). The echoed request includes every header the browser attached, Cookie and Authorization among them, so any code that can issue a TRACE from a victim's browser and read the body obtains credentials that page scripts cannot otherwise see (an HttpOnly cookie, for example). Modern browsers refuse to send TRACE from fetch() and XMLHttpRequest, which blunts the classic attack, but the method still reflects headers to any client that can reach it. The standard hardening is to reject it with 405 Method Not Allowed and to verify that with a manual request rather than trusting the default configuration.
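To make the concern concrete, here is an added Python example (not code from this page) with a constructed loopback server that leaves TRACE enabled, a hardened variant that refuses it, and a probe that reports which sensitive headers the echo reflects. The loopback addresses, the /test path and the sample Cookie and Authorization values are assumptions for the demonstration.

```python
"""Probe a server for TRACE and report which request headers it reflects,
the property behind Cross-Site Tracing. The echoing server is a
constructed stand-in for a misconfigured origin; the hardened one shows
the refusal a production server should give."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Headers a page script normally cannot read, which is why their
# reflection in a TRACE body matters.
SENSITIVE = ("cookie", "authorization", "proxy-authorization")


class EchoingHandler(BaseHTTPRequestHandler):
    """TRACE left enabled: reflect request line and headers as message/http."""
    protocol_version = "HTTP/1.1"

    def do_TRACE(self):
        lines = [self.requestline + "\r\n"]
        lines += [f"{name}: {value}\r\n" for name, value in self.headers.items()]
        body = "".join(lines + ["\r\n"]).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class HardenedHandler(EchoingHandler):
    """TRACE disabled the way a production server should do it."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_server(handler_cls):
    """Serve handler_cls on an ephemeral loopback port; return the port."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def trace_probe(host, port, path="/", headers=None, timeout=5):
    """Send TRACE with the given headers and return (status, reflected).
    reflected lists SENSITIVE header names found in a message/http body:
    405 or 501 means TRACE is off; 200 plus reflected names means the
    server hands back whatever credentials were attached to the request."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.request("TRACE", path, headers=headers or {})
    resp = conn.getresponse()
    body = resp.read().decode("latin-1", "replace")
    conn.close()
    reflected = []
    ctype = resp.getheader("Content-Type", "")
    if resp.status == 200 and ctype.startswith("message/http"):
        for line in body.splitlines()[1:]:  # skip the echoed request line
            name = line.split(":", 1)[0].strip().lower()
            if name in SENSITIVE and name not in reflected:
                reflected.append(name)
    return resp.status, reflected


if __name__ == "__main__":
    # Constructed sample credentials; a real probe would send a harmless marker.
    probe_headers = {"Cookie": "session=abc123", "Authorization": "Bearer t0k3n"}
    for label, cls in (("echoing", EchoingHandler), ("hardened", HardenedHandler)):
        port = start_server(cls)
        print(label, trace_probe("127.0.0.1", port, "/test", probe_headers))
```

Against a real target, point trace_probe at the host and send a marker header of your own rather than live credentials; a 200 with message/http is the finding, and the reflected list tells you whether browser-attached headers would come back with it.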

CONNECT: Establishing Tunnels

CONNECT asks a proxy to open a TCP connection to the host and port named in the request target (written as host:port, not as a URL) and then to relay bytes in both directions. Its main use is HTTPS through an HTTP proxy: the TLS handshake and everything after it run inside the tunnel.

CONNECT Example

CONNECT api.example.com:443 HTTP/1.1
Host: api.example.com:443
Proxy-Authorization: Basic dXNlcjpwYXNz

HTTP/1.1 200 Connection Established

Once the proxy answers with a 2xx status it stops interpreting the stream and only relays bytes. The client then performs the TLS handshake with the target through the tunnel, so the proxy learns the destination host and port from the CONNECT line (and the Proxy-Authorization credentials, which in this example are the Base64 of user:pass) but not the decrypted content. That holds as long as the client verifies the server certificate: a proxy can only inspect the traffic by terminating TLS itself with a CA the client has been configured to trust.
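The tunnel mechanics above, as an added Python example that is not part of the original page: a minimal CONNECT-capable proxy, a constructed stand-in origin, and a client that opens the tunnel with http.client's set_tunnel() and pushes raw bytes through it. All addresses are loopback, the Proxy-Authorization value is the page's user:pass placeholder, and the loopback path carries plaintext because no TLS certificate is available offline; tls_over_tunnel() shows the wrap a real client performs next and is not exercised by the demo.

```python
"""Loopback demonstration of CONNECT: a tiny tunnelling proxy, a stand-in
origin, and a client that opens the tunnel with http.client.set_tunnel().
Addresses and ports are constructed for this example (loopback only)."""
import http.client
import socket
import ssl
import threading

SEEN_TARGETS = []  # everything the proxy learns: the CONNECT host:port


def start_server(handler):
    """Listen on an ephemeral loopback port; run handler(conn) per client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def relay(src, dst):
    """Copy bytes one way; the proxy never parses what passes through here."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def proxy_handler(client):
    """Accept one CONNECT, answer 200, then relay in both directions.
    A client must not send tunnel data before the 200 arrives, so nothing
    after the blank line is expected in the request head."""
    head = b""
    while b"\r\n\r\n" not in head and (chunk := client.recv(4096)):
        head += chunk
    method, target, _ = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if method != "CONNECT":
        client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n")
        client.close()
        return
    host, port = target.rsplit(":", 1)
    SEEN_TARGETS.append(target)  # destination is visible to the proxy
    upstream = socket.create_connection((host, int(port)))
    client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
    threading.Thread(target=relay, args=(client, upstream), daemon=True).start()
    relay(upstream, client)


def origin_handler(conn):
    """Constructed origin: upper-cases whatever arrives, then hangs up."""
    conn.sendall(conn.recv(4096).upper())
    conn.close()


def tunnel_through(proxy_port, origin_port, payload):
    """Open a CONNECT tunnel to the origin via the proxy and push raw bytes."""
    conn = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
    conn.set_tunnel("127.0.0.1", origin_port,
                    headers={"Proxy-Authorization": "Basic dXNlcjpwYXNz"})
    conn.connect()  # sends CONNECT; raises OSError unless the proxy answers 200
    conn.sock.sendall(payload)
    conn.sock.shutdown(socket.SHUT_WR)
    reply = b""
    while chunk := conn.sock.recv(4096):
        reply += chunk
    conn.close()
    return reply


def tls_over_tunnel(conn, server_hostname):
    """What a real HTTPS client does right after connect(): TLS on the
    tunnelled socket, with certificate verification and SNI, so the proxy
    only ever relays ciphertext. Needs a reachable TLS origin."""
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(conn.sock, server_hostname=server_hostname)


if __name__ == "__main__":
    origin = start_server(origin_handler)
    proxy = start_server(proxy_handler)
    print(tunnel_through(proxy, origin, b"hello through the tunnel"))
    print("proxy saw only:", SEEN_TARGETS)
```

The proxy's record after a run holds nothing but the host:port from the CONNECT line, while the bytes that crossed the tunnel were never parsed; with tls_over_tunnel() in place of the plaintext send, those bytes are ciphertext as well.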

Properties Comparison

Property          TRACE        CONNECT
Safe              Yes          No
Idempotent        Yes          No
Cacheable         No           No
Primary use       Diagnostics  Proxy tunneling
Commonly enabled  No           On forward proxies

When You Encounter CONNECT

You rarely send CONNECT by hand. A browser configured to use an HTTP proxy sends it automatically when it opens an HTTPS site; the proxy creates the tunnel, and the TLS-encrypted traffic passes through it. Command-line clients behave the same way: curl sends CONNECT when given an HTTPS URL and an HTTP proxy with -x.

Use Case

A network engineer uses TRACE against a staging server to debug why a custom header disappears between the client and the origin, and discovers from the echoed request that a reverse proxy strips it. A corporate forward proxy accepts CONNECT so that HTTPS traffic can pass through it without being decrypted.
