X-Backend-Server header exposes server information

doc/user/application_security/dast/browser/checks/16.4.md

18.11.2593 B
Description

The target website returns the X-Backend-Server header, whose value may contain internal or otherwise hidden IP addresses or hostnames. By exposing these values, attackers may attempt to circumvent security proxies and access these hosts directly.

Remediation

Consult your proxy/load balancer documentation or provider on how to stop the X-Backend-Server header from being sent to clients.

Details

| ID | Aggregated | CWE | Type | Risk |
|----|------------|-----|------|------|
| 16.4 | true | 16 | Passive | Info |