Simplest way I can think of is using cURL (which is scriptable).
curl -v -X TRACE http://www.yourserver.com
Running it against an Apache server with TraceEnable Off
correctly returns HTTP/1.1 405 Method Not Allowed
(just tested on an Apache 2.2.22)
This also works on HTTPS sites, provided that cURL has the correct information supplied to the SSL layer. This is the lazy man's check of Google
curl --insecure -v -X TRACE https://www.google.com/
...it negotiates the connection (does not verify the certificate chain, but that's not the issue here since we want to check on TRACE
status), and responds 405:
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
* start date: 2013-02-20 13:34:56 GMT
* expire date: 2013-06-07 19:43:27 GMT
* subjectAltName: www.google.com matched
* issuer: C=US; O=Google Inc; CN=Google Internet Authority
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> TRACE / HTTP/1.1
> User-Agent: curl/7.25.0 (x86_64-suse-linux-gnu) libcurl/7.25.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25 libssh2/1.4.0
> Host: www.google.com
> Accept: */*
< HTTP/1.1 405 Method Not Allowed