Security misconfiguration detected.

Description

It can help to provide an extra layer of security to reduce server fingerprinting. Though not a security issue itself, a method to improve the overall posture of a web server is to take measures to reduce the ability to fingerprint the software being used on the server. Server software can be fingerprinted by quirks in how they respond to specific requests.

By default, Express.js sends the X-Powered-By response header banner. This can be disabled using the app.disable() method:

  app.disable('x-powered-by')

Resources

Associated CWE

OWASP Top 10