

How to disable OPTIONS/TRACE/TRACK HTTP methods?

HTTP defines a set of request methods that indicate the desired action to be performed on a given resource, such as OPTIONS, TRACE, TRACK, etc.

OPTIONS is a diagnostic method commonly used to debug and troubleshoot web servers. However, most frequently it serves as an opening that gives attackers an easy way to launch an attack. The TRACE/TRACK methods may also introduce a Cross-Site Tracing vulnerability. It is therefore recommended to block that possible access by disabling the OPTIONS/TRACE/TRACK methods.

You can use rewrite rules to do so.

RewriteEngine On
# Return 403 Forbidden for OPTIONS, TRACE and TRACK requests
RewriteCond %{REQUEST_METHOD} ^(OPTIONS|TRACE|TRACK)
RewriteRule .* - [F]

Please add the above rule to the .htaccess file in the domain's document root. If you use a control panel and want to disable these methods for all virtual hosts, you can add the rule to the virtual host include files, which will disable OPTIONS/TRACE/TRACK for all virtual hosts. Please refer to the control panel's documentation on how to add or modify such include files for all virtual hosts.
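To confirm that the rule took effect, the following added example (not part of the original wiki page) sends each method to a server and lists any of OPTIONS/TRACE/TRACK that is not answered with 403. The names probe, still_enabled, StandIn and demo are assumptions for illustration, and StandIn is a constructed local server that only imitates the rule so the check can run offline; call probe() against your own host to check a real server.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

BLOCKED = ("OPTIONS", "TRACE", "TRACK")  # methods the rewrite rule forbids

def probe(host, port, methods=BLOCKED + ("GET",), use_tls=False):
    """Send one request per method to / and return {method: status code}."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    results = {}
    for method in methods:
        conn = cls(host, port, timeout=5)
        try:
            conn.request(method, "/")
            resp = conn.getresponse()
            resp.read()
            results[method] = resp.status
        finally:
            conn.close()
    return results

def still_enabled(results):
    """Methods from BLOCKED that were not rejected with 403 Forbidden."""
    return [m for m in BLOCKED if results.get(m) != 403]

class StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in server; `protected` imitates the [F] rule."""
    protected = True

    def _handle(self):
        forbidden = self.protected and self.command in BLOCKED
        self.send_response(403 if forbidden else 200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_OPTIONS = do_TRACE = do_TRACK = _handle

    def log_message(self, *args):  # keep the demo output quiet
        pass

def demo(protected):
    # Start the stand-in on a free loopback port, probe it, then stop it.
    handler = type("Handler", (StandIn,), {"protected": protected})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print("without rule:", still_enabled(demo(False)))
    print("with rule:   ", still_enabled(demo(True)))
```

GET is included in the probe so that a server rejecting every request is not mistaken for one where only the three methods are blocked.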

  • Last modified: 2019/04/24 14:32
  • by Jackson Zhang