X-Powered-By header exposed

Hi, I have had a security report handed to us with some Medium risks and was wondering if these are:

  • Proxy Disclosure

Description

1 proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine:

  • A list of targets for an attack against the application.
  • Potential vulnerabilities on the proxy servers that service the application.
  • The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented,
    or mitigated.

Solution

  • Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the
    ‘Server’ and ‘X-Powered-By’ HTTP response headers.

The following proxy servers have been identified between ZAP and the application/web server:

  • Netlify

The following web/application server has been identified:

  • Netlify

So, how do I remove or configure X-Powered-By in Netlify?

Check out this thread @yudaadiitya, as it covers the same topic.

1 Like
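
A way to re-check the scanner finding after a configuration change, added here as an example and not part of the original thread: it parses a raw HTTP response head and reports the two headers the report's Solution names, separating a bare product name from a value that also carries a version. The function name `audit_headers` and both sample responses are constructed for illustration.

```python
import re
from email.parser import Parser

# The two headers named in the scan report's "Solution" text.
DISCLOSING = ("server", "x-powered-by")
# Version-like token, e.g. the "4.17.1" in "ExampleFramework/4.17.1".
VERSION_RE = re.compile(r"\d+(\.\d+)+")


def audit_headers(raw_response: str) -> list:
    """Return one finding per disclosing header in a raw HTTP response."""
    # Keep only the head (status line + headers); ignore any body.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status_line, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name, value in headers.items():  # keeps duplicate headers
        if name.lower() not in DISCLOSING:
            continue
        findings.append({
            "header": name.lower(),
            "value": value.strip(),
            # A product name alone identifies the platform; a version
            # additionally lets a reader match it to known issues.
            "leaks_version": bool(VERSION_RE.search(value)),
        })
    return findings


# Constructed sample: platform name in Server, framework + version in X-Powered-By.
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Server: Netlify\r\n"
    "X-Powered-By: ExampleFramework/4.17.1\r\n"
    "\r\n"
    "<html></html>"
)
# Constructed sample: the same response with both headers suppressed.
SAMPLE_AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_headers(raw))
```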