3 matches found
Gratipay: [gratipay.com] Cross Site Tracing
Hello team, I was checking if TRACE method is enabled on gratipay.com or not. I opened up my terminal CLI and executed this command: curl -v -X TRACE http://gratipay.com The response may not actually show it is vulnerable, but it is not as well a message for properly configured "no" to Cross Sit...
Gratipay: Email Forgery through Mandrillapp SPF
Description: The SPF record of gratipay.com includes Mandrillapp, which you are not using right now. I'm able to add gratipay.com in my account. Although a further verification of domain is required, you should know that Mandrillapp allows sending email from a domain if its SPF records point...
Gratipay: HTTP trace method is enabled
Hello, HTTP TRACE method is enabled on your server which should not be enabled. It can lead to cross site tracing! Cross site tracing: https://www.owasp.org/index.php/CrossSiteTracing root@initlabs: curl -vX TRACE "https://gratipay.com" Rebuilt URL to: https://gratipay.com/ Hostname was NOT foun...