X-Debug-Token Information Leak

Type: Passive Scan

Description

The response contained an X-Debug-Token or X-Debug-Token-Link header. These headers are added by Symfony's Profiler: X-Debug-Token carries the identifier of the recorded request and X-Debug-Token-Link points at the profiler page for it. Their presence indicates that the Profiler may be enabled on this deployment and that its interface, which records request, configuration and other internal details, may be reachable and exposing sensitive data.

Solution

Limit access to Symfony's Profiler, either by requiring authentication/authorization for it or by restricting the header (and the profiler itself) to specific clients, for example by IP address.
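The following is an added example, not ZAP's own implementation of this rule or any Symfony code. It shows the two sides of the alert in one place: a passive check that inspects a list of response headers for the two debug headers named above and reports each as a finding (without sending any requests), and a response filter that applies the suggested mitigation by removing the headers unless the client IP is on an allowlist. The header names come from this page; the sample responses, token value, host and IP addresses are constructed for the example, and the `/_profiler/` path in the sample link reflects Symfony's default profiler route prefix.

```javascript
// Added example: minimal passive check for Symfony profiler debug headers,
// plus a mitigation filter. Not ZAP's rule code and not Symfony code.

// Header names that indicate the Symfony Profiler (from the alert description).
const DEBUG_HEADERS = ['x-debug-token', 'x-debug-token-link'];

// Headers are modelled as [name, value] pairs, as a proxy would see them.
// Matching is case-insensitive because header names are case-insensitive.
function normalizeHeaders(headers) {
  return headers.map(([name, value]) => [
    String(name).trim().toLowerCase(),
    String(value).trim(),
  ]);
}

// Passive check: looks only at the response that was already captured and
// never issues a request of its own. Returns one finding per leaked header;
// an empty array means nothing was found.
function checkDebugTokenLeak(headers) {
  const findings = [];
  for (const [name, value] of normalizeHeaders(headers)) {
    if (!DEBUG_HEADERS.includes(name)) continue;
    findings.push({
      header: name,
      evidence: `${name}: ${value}`,
      // The link header already tells a defender where the profiler answers.
      profilerUrl: name === 'x-debug-token-link' ? value : null,
      risk: 'Symfony Profiler may be enabled and reachable',
    });
  }
  return findings;
}

// Mitigation helper (the "limit to specific clients by IP" option from the
// Solution): keep the debug headers only for allowlisted client IPs and strip
// them from every other response. Returns a new header list.
function filterDebugHeaders(headers, clientIp, allowedIps) {
  if (allowedIps.includes(clientIp)) return headers.slice();
  return headers.filter(
    ([name]) => !DEBUG_HEADERS.includes(String(name).trim().toLowerCase())
  );
}

// Constructed sample responses (not captured from any real site).
const SAMPLE_LEAKY = [
  ['Content-Type', 'text/html; charset=UTF-8'],
  ['X-Debug-Token', 'a1b2c3'],
  ['X-Debug-Token-Link', 'https://app.example/_profiler/a1b2c3'],
];
const SAMPLE_CLEAN = [
  ['Content-Type', 'application/json'],
  ['Cache-Control', 'no-store'],
];

// Run the check over both samples and show the filtered result for a
// non-allowlisted client.
console.log(JSON.stringify(checkDebugTokenLeak(SAMPLE_LEAKY), null, 2));
console.log(JSON.stringify(checkDebugTokenLeak(SAMPLE_CLEAN)));
console.log(JSON.stringify(filterDebugHeaders(SAMPLE_LEAKY, '203.0.113.7', ['10.0.0.5'])));
```

The check deliberately reports the header value as evidence so an analyst can match the alert back to the exact response; the filter is the shape of a response middleware that sits in front of the application when removing the profiler itself is not an option.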

Last updated: 2020-04-30 16:12:39.623Z