
Why “Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)” can be dangerous

The issue means that the web server returns one or more X-Powered-By HTTP headers.

The X-Powered-By header is one of the HTTP response headers that can be returned by the web server. It describes the technologies that were used to build your web application, for instance a particular scripting technology.

In general, setting the X-Powered-By header should be avoided because it is a potential security risk: it tells attackers which technologies your web application uses, which makes it easier for them to exploit vulnerabilities in those technologies.

How to fix “Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)”

Configure your HTTP server (such as the Apache web server) not to set this HTTP header in the responses it constructs, or configure it to return misleading information.
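One way to confirm the fix took effect, as an added example that is not ScanRepeat's own code: the script below parses captured raw HTTP responses and lists every X-Powered-By value per URL, matching the header name case-insensitively and handling repeated fields. The URLs, header values and the `SAMPLE` data are constructed for illustration.

```python
import io
from http.client import parse_headers

HEADER = "X-Powered-By"

def powered_by_values(raw_response: bytes) -> list[str]:
    """Return every X-Powered-By value in one raw HTTP/1.x response."""
    fp = io.BytesIO(raw_response)
    fp.readline()                    # consume the status line
    headers = parse_headers(fp)      # stops at the blank line before the body
    # Header names are case-insensitive and the field may be repeated.
    return [value.strip() for value in headers.get_all(HEADER, [])]

def audit(responses: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each URL to the values it leaks; clean URLs are omitted."""
    findings = {}
    for url, raw in responses.items():
        values = powered_by_values(raw)
        if values:
            findings[url] = values
    return findings

# Constructed sample responses (hypothetical hosts and values).
SAMPLE = {
    "https://app.example/login": (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html\r\n"
        b"X-Powered-By: PHP/0.0.0-sample\r\n"
        b"x-powered-by: ExampleFramework\r\n"
        b"\r\n"
        b"<html>X-Powered-By: in body, not a header</html>"
    ),
    "https://app.example/static/site.css": (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/css\r\n"
        b"\r\n"
        b"body { margin: 0 }"
    ),
}

if __name__ == "__main__":
    for url, values in audit(SAMPLE).items():
        print(f"{url}: {', '.join(values)}")
```

After the server is reconfigured, rerunning the audit on fresh captures should return an empty result for every URL.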

How does ScanRepeat report “Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)”

ScanRepeat reports “Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)” by listing all instances of URL resources that leak information through one or more X-Powered-By headers. The report also includes additional information on what should be set to fix this problem.
