Details
Alert Id 10037
Alert Type Passive
Status release
Risk Low
CWE 200
WASC 13
Tags OWASP_2017_A03
OWASP_2021_A01
WSTG-V42-INFO-08

Summary

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

Solution

Ensure that your web server, application server, load balancer, etc. is configured to suppress 'X-Powered-By' headers.

References

Code

org/zaproxy/zap/extension/pscanrules/XPoweredByHeaderInfoLeakScanRule.java