Header leak
Description
The web/application server is leaking tech stack information via HTTP response headers. This information can help attackers identify the frameworks and components your web application relies on, and then find the vulnerabilities that affect those components.
Remediation
Remove headers that disclose server-side software versions.
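An added example, not part of the scanner's documentation or code: a Python check that lists the response headers naming server-side software and the version strings they carry, so you can see what to remove. The header list and the sample response are assumptions constructed for illustration.

```python
import re

# Assumed list of response headers that commonly advertise server-side
# technology; this is not the scanner's own rule set.
DISCLOSING_HEADERS = {
    "server", "x-powered-by", "x-aspnet-version",
    "x-aspnetmvc-version", "x-generator",
}
# Dotted version numbers such as 1.18.0 or 4.0.30319.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw_head):
    """Return (name, value) pairs from the head of a raw HTTP response."""
    lines = raw_head.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:          # lines[0] is the status line
        if not line:                # a blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def audit_headers(raw_head):
    """List disclosing headers and the version strings found in each."""
    findings = []
    for name, value in parse_headers(raw_head):
        if name.lower() in DISCLOSING_HEADERS:
            findings.append({
                "header": name,
                "value": value,
                "versions": VERSION_RE.findall(value),
            })
    return findings

# Constructed sample response head, for illustration only.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0 (Ubuntu)\r\n"
    "X-Powered-By: Express\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for f in audit_headers(SAMPLE):
        status = "discloses version" if f["versions"] else "names product only"
        print(f"{f['header']}: {f['value']!r} -> {status}")
```

Headers reported with an empty version list still name the product, so they are worth reviewing alongside the ones that carry a version.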
Configuration
Identifier:
protocol/header_leak
Examples
Ignore this check
{
  "checks": {
    "protocol/header_leak": {
      "skip": true
    }
  }
}
Score
Escape Severity: LOW
OWASP: API7:2023
CWE