To disable the HTTP TRACE method from the Window Server using IIS.
Add the following in web.config
<system.webServer>
<security>
<requestFiltering>
<verbs applyToWebDAV=”false”>
<add verb=”TRACE” allowed=”false” />
</verbs>
</requestFiltering>
</security>
</system.webServer>
Use http://web-sniffer.net/ to verify the implementation.