Exposure of sensitive header: SERVER
fn header() {
    use http::header::{HeaderMap, SERVER, SET_COOKIE};
    let mut h = HeaderMap::new();
    h.insert(SERVER, 5.into());
    h.insert(SET_COOKIE, 42.into());
}
Description
Headers such as "Server", "X-Powered-By" and "X-AspNet-Version" can leak sensitive information about your application and server. Avoid using these headers if possible.
The following possible response headers should be avoided for security reasons:
- Server: Specifies web server version.
- X-Powered-By: Indicates that the website is "powered by ASP.NET."
- X-AspNet-Version: Specifies the version of ASP.NET used.
Bad practice
use http::header::{HeaderMap, SERVER};
fn main() {
    let mut map = HeaderMap::new();
    // Bad: advertises the server software and its exact version to every client.
    map.insert(SERVER, "Apache/2.4.1 (Unix)".parse().unwrap());
}
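
The counterpart to the bad practice, as an added example that is not part of the original page: a filter that removes the three listed headers from an outgoing response and reports what it removed. It models headers as plain name/value pairs so it runs without the `http` crate (with a `HeaderMap`, the equivalent call is `remove`); the function names and the sample response are constructed for illustration.

```rust
/// Response headers the page lists as leaking server or framework details.
const FINGERPRINT_HEADERS: [&str; 3] = ["server", "x-powered-by", "x-aspnet-version"];

/// True if `name` is one of the listed headers. Header names are
/// case-insensitive, so "SERVER" and "server" must both match.
fn is_fingerprint_header(name: &str) -> bool {
    FINGERPRINT_HEADERS
        .iter()
        .any(|h| h.eq_ignore_ascii_case(name.trim()))
}

/// Removes the listed headers in place and returns the removed pairs, so the
/// caller can log which layer (framework, proxy, handler) was adding them.
fn strip_fingerprint_headers(headers: &mut Vec<(String, String)>) -> Vec<(String, String)> {
    let mut removed = Vec::new();
    headers.retain(|(name, value)| {
        if is_fingerprint_header(name) {
            removed.push((name.clone(), value.clone()));
            false
        } else {
            true
        }
    });
    removed
}

/// Constructed sample response; the values are illustrative only.
fn sample_response() -> Vec<(String, String)> {
    [
        ("Content-Type", "text/html"),
        ("Server", "Apache/2.4.1 (Unix)"),
        ("X-POWERED-BY", "ASP.NET"),
        ("x-aspnet-version", "0.0.0-example"),
        ("Set-Cookie", "id=42"),
    ]
    .iter()
    .map(|(n, v)| (n.to_string(), v.to_string()))
    .collect()
}

fn main() {
    let mut headers = sample_response();
    for (name, value) in strip_fingerprint_headers(&mut headers) {
        println!("removed {name}: {value}");
    }
    for (name, value) in &headers {
        println!("kept    {name}: {value}");
    }
}
```
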