Server Leaks Version Information via "Server" HTTP Response Header Field
Risk Level: Low
Confidence: 3
Description
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Reference
https://httpd.apache.org/docs/current/mod/core.html#servertokens
https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
CWE ID: 497
WASC ID: 13
Example Instance
URL: https://content-signature-2.cdn.mozilla.net/g/chains/202402/remote-settings.content-signature.mozilla.org-2026-04-17-11-20-45.chain
Method: GET
Evidence:
This issue was automatically created from an OWASP ZAP security scan.
Alert detected on: 2026-03-16
Plugin ID: 10036
Scan Metadata
- Branch:
main
- Template Source: NuGet.org
- Clean Template Version: 7.0.5
- Umbraco CMS Version: 17.1.0
Server Leaks Version Information via "Server" HTTP Response Header Field
Risk Level: Low
Confidence: 3
Description
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Reference
https://httpd.apache.org/docs/current/mod/core.html#servertokens
https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
CWE ID: 497
WASC ID: 13
Example Instance
URL:
https://content-signature-2.cdn.mozilla.net/g/chains/202402/remote-settings.content-signature.mozilla.org-2026-04-17-11-20-45.chainMethod: GET
Evidence:
This issue was automatically created from an OWASP ZAP security scan.
Alert detected on: 2026-03-16
Plugin ID: 10036
Scan Metadata
main