X-Backend-Server header exposes server information


The target website returns the X-Backend-Server header, which includes potentially internal or hidden IP addresses or hostnames. With these values exposed, attackers may attempt to circumvent security proxies and access these hosts directly.


Consult your proxy or load balancer documentation, or your provider, for how to stop the X-Backend-Server header value from being revealed.
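
To confirm the header is gone after the proxy or load balancer change, a passive check like the following can be run over captured response headers. This is an added example, not the scanner's own code; the sample response, the function names and the internal/public classification rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample response head (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "x-backend-server: 10.20.30.40:8080\r\n"
    "X-Backend-Server: web-03.corp.internal\r\n"
    "\r\n"
)

HEADER = "x-backend-server"  # header names are case-insensitive


def parse_headers(raw_head):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    lines = raw_head.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip status line
    pairs = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def classify(value):
    """Label a header value as an internal IP, a public IP, or a hostname."""
    host = value
    if host.startswith("["):  # bracketed IPv6, optionally followed by :port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:  # host:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "internal-ip" if (ip.is_private or ip.is_loopback or ip.is_link_local) else "public-ip"


def find_backend_disclosure(raw_head):
    """Passive check: every X-Backend-Server value with its classification."""
    return [(v, classify(v)) for n, v in parse_headers(raw_head) if n == HEADER and v]


if __name__ == "__main__":
    for value, kind in find_backend_disclosure(SAMPLE_RESPONSE):
        print(f"X-Backend-Server discloses {kind}: {value}")
```

An empty result from find_backend_disclosure means the response no longer carries the header; any remaining entry shows which value is still being disclosed.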


ID: 16.4
Aggregated: true
CWE: 16
Type: Passive
Risk: Info