Unwanted HTTP header in response


Description

This publicly exposed API endpoint was found responding with headers that reveal sensitive information about the technology stack, server configuration, or infrastructure details. The presence of these headers provides potential attackers with valuable reconnaissance information that could be used to target specific vulnerabilities in the identified technologies.

Which headers are considered unwanted?

  • X-AspNet-Version: Reveals the specific ASP.NET version in use.
  • X-AspNetMvc-Version: Exposes the ASP.NET MVC framework version.
  • X-Powered-By: Discloses the technology powering the application (PHP, ASP.NET, etc.).
  • Server: Reveals web server software and version information.
  • Via: Exposes proxy server information.
  • X-Generator: Reveals the framework or CMS used to generate the content.
  • X-Backend-Server: Exposes internal infrastructure details.

These headers are checked in the service response on common HTTP response codes: 200, 400, 403, 405, and 500.
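The following script is an added example (not part of this page or of any scanner's own code) that shows how the check described above can be reproduced: it matches the header list case-insensitively, limits findings to the status codes named here, and ignores everything else. The `SAMPLE_RESPONSES` data is constructed for the example, not captured from a real service; `fetch_headers` is an optional helper for running the same audit against your own endpoint.

```python
"""Audit HTTP response headers for the information-disclosure headers listed
on this page. Added example; sample responses below are constructed."""
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Header names the check looks for. Comparison is case-insensitive because
# HTTP field names are case-insensitive (RFC 9110, section 5.1).
UNWANTED_HEADERS = (
    "X-AspNet-Version",
    "X-AspNetMvc-Version",
    "X-Powered-By",
    "Server",
    "Via",
    "X-Generator",
    "X-Backend-Server",
)

# Response codes on which the page says the headers are checked.
CHECKED_STATUS_CODES = (200, 400, 403, 405, 500)


def find_unwanted_headers(headers):
    """Return a sorted list of (canonical name, value) for every unwanted
    header present in `headers` (a mapping of header name to value)."""
    canonical_by_lower = {name.lower(): name for name in UNWANTED_HEADERS}
    found = []
    for name, value in headers.items():
        canonical = canonical_by_lower.get(name.lower())
        if canonical is not None:
            found.append((canonical, value))
    return sorted(found)


def audit_responses(responses):
    """`responses` maps status code -> header mapping, one entry per probed
    response. Returns {status: [(header, value), ...]} for every checked
    status code that leaks at least one unwanted header; responses with
    other status codes are ignored, matching the scope of the check."""
    findings = {}
    for status, headers in responses.items():
        if status not in CHECKED_STATUS_CODES:
            continue
        leaked = find_unwanted_headers(headers)
        if leaked:
            findings[status] = leaked
    return findings


def fetch_headers(url, method="GET", timeout=10):
    """Fetch one URL and return (status, headers dict). urllib raises
    HTTPError for 4xx/5xx, but those responses carry headers too, so the
    error path keeps them instead of discarding the response."""
    req = Request(url, method=method, headers={"User-Agent": "header-audit/1.0"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers.items())
    except HTTPError as err:
        return err.code, dict(err.headers.items())


# Constructed sample responses standing in for a real endpoint: the 200 and
# 500 responses leak, the 403 is clean, and the 404 is outside the checked set.
SAMPLE_RESPONSES = {
    200: {"Content-Type": "application/json",
          "server": "Microsoft-IIS/10.0",
          "X-Powered-By": "ASP.NET",
          "x-aspnet-version": "4.0.30319"},
    403: {"Content-Type": "application/json", "Content-Length": "23"},
    404: {"Content-Type": "text/html", "Server": "nginx/1.24.0"},
    500: {"Content-Type": "text/html", "Via": "1.1 edge-proxy-3"},
}

if __name__ == "__main__":
    for status, leaked in sorted(audit_responses(SAMPLE_RESPONSES).items()):
        for header, value in leaked:
            print(f"HTTP {status}: {header}: {value}")
```

To audit a live endpoint, collect one `fetch_headers` result per status code you can provoke (a valid request for 200, a malformed body for 400, an unsupported method for 405, and so on) into a dict and pass it to `audit_responses`; after applying the remediation below, rerunning the audit should return an empty dict.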

Remediation

Remove or suppress the unwanted headers from all API responses to minimize information disclosure.

Suppression examples:

<!-- For ASP.NET applications, in web.config -->
<system.web>
  <!-- Stops the X-AspNet-Version header -->
  <httpRuntime enableVersionHeader="false" />
</system.web>
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <remove name="X-Powered-By" />
      <remove name="Server" />
    </customHeaders>
  </httpProtocol>
  <!-- customHeaders only strips a Server header set as a custom header;
       the Server header IIS itself emits is removed here (IIS 10.0 and later).
       X-AspNetMvc-Version is disabled in code with
       MvcHandler.DisableMvcResponseHeader = true; -->
  <security>
    <requestFiltering removeServerHeader="true" />
  </security>
</system.webServer>

# For Apache Web Server, in httpd.conf or .htaccess
# Header directives require mod_headers; "always" also applies them to error
# responses (403, 500, ...), which the plain form does not cover.
# ServerTokens Prod reduces the Server header to "Apache"; Apache core adds
# that header after mod_headers runs, so unset cannot strip it entirely.
ServerTokens Prod
ServerSignature Off
Header always unset X-Powered-By
Header always unset Server

# For nginx, in nginx.conf (http, server or location context)
# server_tokens off drops the version from nginx's own Server header, leaving
# "nginx"; proxy_hide_header stops headers sent by the upstream application
# from being passed through to the client.
server_tokens off;
proxy_hide_header X-Powered-By;
proxy_hide_header Server;