TRACE
{{HTTPSidebar}}
The TRACE HTTP method performs a message loop-back test along the path to the target resource.
The final recipient of the request should reflect the message as received (excluding any fields that might include sensitive data) back to the client as the message body of a {{HTTPStatus("200", "200 OK")}} response with a {{HTTPHeader("Content-Type")}} of message/http.
The final recipient is either the origin server or the first server to receive a {{HTTPHeader("Max-Forwards")}} value of 0 in the request.
The client must not send {{Glossary("HTTP Content", "content")}} in the request, or generate headers that might include sensitive data such as user credentials or cookies.
Not all servers implement the TRACE method, and some server owners have historically disallowed the use of the TRACE method due to security concerns.
In such cases, a {{HTTPStatus("405", "405 Method Not Allowed")}} client error response will be sent.
| Request has body | No |
|---|---|
| Successful response has body | Yes |
| `{{Glossary("Safe/HTTP", "Safe")}}` | Yes |
| `{{Glossary("Idempotent")}}` | Yes |
| `{{Glossary("Cacheable")}}` | No |
| Allowed in HTML forms | No |
Syntax
TRACE <request-target>["?"<query>] HTTP/1.1
<request-target>- : Identifies the target resource of the request when combined with the information provided in the
{{HTTPHeader("Host")}}header. This is an absolute path (e.g.,/path/to/file.html) in requests to an origin server, and an absolute URL in requests to proxies (e.g.,http://www.example.com/path/to/file.html).
- : Identifies the target resource of the request when combined with the information provided in the
<query>{{optional_inline}}- : An optional query component preceded by a question-mark
?. Often used to carry identifying information in the form ofkey=valuepairs.
- : An optional query component preceded by a question-mark
Examples
Successful TRACE request
A TRACE request can be performed using curl:
curl -v -X TRACE example.com
This produces the following HTTP request:
TRACE / HTTP/1.1
Host: example.com
User-Agent: curl/8.7.1
Accept: */*
A {{HTTPStatus("200", "200 OK")}} response with the request headers contained in response body is sent back to the client:
HTTP/1.1 200 OK
Content-Length: 123
Date: Wed, 04 Sep 2024 11:50:24 GMT
Server: Apache/2.4.59 (Unix)
Content-Type: message/http
TRACE / HTTP/1.1
Host: example.com
User-Agent: curl/8.7.1
Accept: */*
Specifications
{{Specifications}}
Browser compatibility
The browser doesn’t use the TRACE method for user-initiated actions, so “browser compatibility” doesn’t apply.
Developers can set this request method using fetch().