Skip to content

X-Backend-Server header exposes server information

Description

The target website returns the X-Backend-Server header which includes potentially internal/hidden IP addresses or hostnames. By exposing these values, attackers may attempt to circumvent security proxies and access these hosts directly.

Remediation

Consult your proxy/load balancer documentation or provider on how to disable revealing the X-Backend-Server header value.

Details

ID Aggregated CWE Type Risk
16.4 true 16 Passive Info

Links