HTTP TRACE method running on an internal server is not a risk factor