When attempting to establish if a web application employs defensive measures against attacks, which method would provide the MOST reliable evidence of such protections?
Review the range of supported HTTP methods to identify unusual activity related to security configurations.
Check cookies for flags and detailed session information to infer security implementations.
Determine if standard web service ports are responsive to confirm protective measures.
Analyze the server's response headers for specific signatures indicative of protective systems.