About the OPTIONS method

OPTIONS is a diagnostic method that is mainly used for debugging purposes. It reports which HTTP methods are allowed on the web server. In reality, it is rarely used for legitimate purposes, but it does give a potential attacker a little bit of help and can be considered a shortcut to finding another hole.

How to fix it

The OPTIONS method should be disabled.

Way to do it

The way to disable the OPTIONS method varies with the type and version of the web server.
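
Whichever server is in use, the result can be verified the same way from the client side. The check below is an added example, not part of the original page: `check_options`, `is_hardened` and `demo_server` are hypothetical names, and the local servers are constructed stand-ins for real server behaviour. It also flags the case where OPTIONS is refused but the refusal still lists the methods in an Allow header.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def check_options(host, port, path="/", timeout=5):
    """Send OPTIONS; return (status, sorted list of methods the response advertises)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        resp.read()
        # Allow is the standard header; Public is a legacy one some servers still send.
        raw = ",".join(h for h in (resp.getheader("Allow"), resp.getheader("Public")) if h)
        return resp.status, sorted({m.strip().upper() for m in raw.split(",") if m.strip()})
    finally:
        conn.close()


def is_hardened(status, methods):
    """Pass only if OPTIONS is refused and the refusal itself lists no methods."""
    return status >= 400 and not methods


def demo_server(status, allow=None):
    """Constructed stand-in for a web server: answers OPTIONS with `status` and `allow`."""
    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # silence per-request logging
            pass

        def do_OPTIONS(self):
            self.send_response(status)
            if allow:
                self.send_header("Allow", allow)
            self.send_header("Content-Length", "0")
            self.end_headers()

    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # Constructed cases: default behaviour, refusal that still leaks, clean refusal.
    cases = [(200, "GET, HEAD, POST, OPTIONS, TRACE"), (405, "GET, HEAD, POST"), (403, None)]
    for status, allow in cases:
        srv = demo_server(status, allow)
        got = check_options("127.0.0.1", srv.server_port)
        print(f"{got} -> {'hardened' if is_hardened(*got) else 'review'}")
        srv.shutdown()
```

Run against your own server by calling `check_options` with its host and port after applying the server-specific change.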

IIS (For new versions)

IIS (For old versions)

Apache