diff --git a/doc/apache2/vhost.template b/doc/apache2/vhost.template index 25348bde41..be6777a0f3 100644 --- a/doc/apache2/vhost.template +++ b/doc/apache2/vhost.template @@ -73,6 +73,10 @@ RewriteEngine On + # Make sure TRACE and TRACK methods are denied + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC] + RewriteRule .* - [F] + # For FastCGI mode or when using PHP-FPM, to get basic auth working. RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] diff --git a/doc/nginx/vhost.template b/doc/nginx/vhost.template index a1d47665d6..e73073ab1c 100644 --- a/doc/nginx/vhost.template +++ b/doc/nginx/vhost.template @@ -6,6 +6,11 @@ server { root %BASEDIR%/web; + # Make sure TRACE and TRACK methods are denied + if ($request_method ~* ^(TRACE|TRACK)$) { + return 405; + } + # Additional Assetic rules ## Don't forget to run php bin/console assetic:dump --env=prod ## and make sure to comment these out in DEV environment.
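Review bot: The pattern in the added `RewriteCond` is anchored only at the start, so it also matches any method name that merely begins with TRACE or TRACK, whereas the nginx hunk in this commit anchors both ends; `RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$ [NC]` would make the two templates agree. The status codes differ too: `[F]` answers 403 here while the nginx template returns 405, so the same request gets a different result depending on the front end; `RewriteRule .* - [R=405]` would align them if 405 is the intended answer. The rule only applies where mod_rewrite is loaded and the engine is on for the request, so adding `TraceEnable Off` to the vhost as well would refuse TRACE in the core; TRACK would still rely on the rewrite rule.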
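Review bot: The comment on the added `if` block says what is denied but not why, or that the check depends on its position, and someone adapting the template could move it into a `location` where it no longer covers every request. A comment such as `# Deny TRACE/TRACK: both echo the request (headers included) back to the client. Keep this at server level so it is evaluated before any location is chosen.` would record that. As a smaller style point, `~*` makes the match case-insensitive although HTTP method tokens are case-sensitive, so `~` with the same anchored pattern should be enough.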