Best practices

Web server configuration is exposed

Risk Level

Informational (4)

  • N/A


Web server exposes configuration details through HTTP header, and by doing that the web server is revealing information about the software it is running, which could potentially be used by attackers to target specific vulnerabilities or exploit known weaknesses in the software.
  • Recommended Mitigation

    It is recommended to remove any unnecessary HTTP headers like 'X-Powered-By' that exposes server configuration details. It's important to carefully evaluate the risks associated with exposing web server configuration information and take steps to prevent any potential security issues.