Rule from http under security category
Passmarked is made out of users just like you who helped supply some content. Click below to contribute to this rule. We need you.Add content to this rule
Several server side technologies send the X-Powered-By header. This gives clients quite a overview of what the server might be running, which allows malicious users to quite easily search for security vulnerabilities affecting the versions specified.
It is recommended to disable this header to prevent any leaking of potential information that could aid an attacker.
For PHP, in your
expose_php = off
For IIS, by including these lines to the
<httpProtocol> <customHeaders> <remove name="X-Powered-By" /> </customHeaders> </httpProtocol>
Passmarked works best when you have an account. It allows you to keep a dashboard with saved data of the sites you have run through the system, we’ll alert you about important updates and you get access to the Passmarked Slack forum.Sign up to get started