Cross-site tracing takes advantage of the fact that a web server should reflect the client’s HTTP message in its response.
The common misunderstanding of an XST attack’s goal is that it uses a TRACE request to cause the server to reflect JavaScript in the HTTP response body that the browser would consequently execute.
As the following example shows, this is in fact what happens even though the reflection of JavaScript isn’t the real vulnerability.
The green and red text indicates the response body. The request was made with netcat.
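To check a server you administer for the reflection behaviour described above, the following added example (not part of the original page) sends a TRACE request carrying a unique header and reports whether the response body echoes it. The header name `X-Trace-Probe`, the host `example.test` and the two sample responses are constructed for illustration.

```python
import secrets
import socket

def build_trace_request(host, marker):
    """Raw TRACE request carrying a unique header value to look for in the echo."""
    return (f"TRACE / HTTP/1.1\r\nHost: {host}\r\n"
            f"X-Trace-Probe: {marker}\r\nConnection: close\r\n\r\n").encode()

def analyze_trace_response(raw, marker):
    """Classify a raw HTTP response to the probe built above."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Reflection means our own request header comes back in the response body.
    echoed = marker.encode() in body
    return {
        "status": status,
        "content_type": headers.get("content-type", ""),
        "echoed": echoed,
        "trace_enabled": status == 200 and echoed,
    }

def probe(host, port=80, timeout=5.0):
    """Send the probe over a plain socket (as netcat would) and classify the reply."""
    marker = secrets.token_hex(8)
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(build_trace_request(host, marker))
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return analyze_trace_response(b"".join(chunks), marker)

# Constructed sample responses: one server echoing the request, one refusing TRACE.
MARKER = "c0ffee1234"
ECHO = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
        + build_trace_request("example.test", MARKER))
REFUSED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n"
```

A result with `trace_enabled` set to `True` means the server reflected the request and TRACE should be disabled in its configuration.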