are caused by the existence of Cross Site Scripting (XSS) in web servers where the HTTP method TRACE is enabled. This technique is mainly used to bypass cookie restrictions imposed by the directive httpOnly.Pentesters can save time by using Nmap to quickly determine if the web server has the method TRACE enabled.