PCI-DSS 4.0 6.4.1
Attacks from web-based threats
UnveilScan findings mapped to this control
The scanner emits 2 distinct findings on this control.
web.http_method_trace
⏱ 10 min
WEB — HTTP method TRACE
Risk if ignored: The TRACE method enables Cross-Site Tracing (XST), in which a hostile page harvests HttpOnly cookies through XHR. Rare, but trivially exploitable when present.
security
Also maps to 2 other controls
web.waf_detected
⏱ 15 min
WEB — WAF detected
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational