How would I address an information leakage?

How would I address an information leakage? I got a ‘c’ result as ‘The X-Powered-By response header presented the information PHP/7.1.33; PleskLin to the requestor’.
I’m still learning about HTTP headers at the moment and was hoping someone could give some advice, please?

Hi, this particular header, ‘The X-Powered-By response’, describes the technologies used by the webserver. This in turn exposes the server to attackers, as they can find vulnerabilities more easily using the information from this header and formulate specific attacks against your infrastructure.
This is obviously not desirable, so I would recommend removing all ‘X-Powered-By’ headers to lock down your security. Most people can do this by modifying their server configuration to disable ‘X-Powered-By’ headers. If you’re doing this on your own without assistance, there are lots of websites out there that give advice specific to different types of server configurations.
You can also do this manually by adding header_remove('X-Powered-By'); to your web application code if you are unable to configure the server.
Then you will need to either wait for threatview to scan again or manually run a scan. Hope this helps and that you’re able to lock down your website securely.

3 Likes
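
To confirm the header is really gone before the next scan, the response can be checked directly. The following is an added example, not part of the original posts: it parses a raw HTTP response and lists what each `X-Powered-By` header discloses. The function names and the sample responses are constructed for illustration.

```python
import io
import re
from http.client import parse_headers

# Constructed sample responses (not captured from a real server).
BEFORE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"X-Powered-By: PHP/7.1.33\r\n"
    b"x-powered-by: PleskLin\r\n"   # header names are case-insensitive
    b"\r\n"
)
AFTER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
)


def disclosed_technologies(raw_response: bytes):
    """Return (product, version) pairs exposed by X-Powered-By headers.

    Handles the header being sent more than once and a single header
    carrying several products separated by ';' or ','.
    """
    stream = io.BytesIO(raw_response)
    stream.readline()                      # skip the status line
    headers = parse_headers(stream)        # case-insensitive header lookup
    findings = []
    for value in headers.get_all("X-Powered-By") or []:
        for part in re.split(r"[;,]", value):
            part = part.strip()
            if not part:
                continue
            product, _, version = part.partition("/")
            findings.append((product, version or None))
    return findings


def header_removed(raw_response: bytes) -> bool:
    """True when the response no longer discloses anything via X-Powered-By."""
    return not disclosed_technologies(raw_response)


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, disclosed_technologies(raw), "clean:", header_removed(raw))
```

If `header_remove()` fixes the PHP entry but another product still shows up, that value is being added by the web server or hosting panel rather than by PHP, and has to be removed in the server configuration instead.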