Missing server configuration to reduce server fingerprinting

Description

Reducing server fingerprinting adds an extra layer of security. Although not a security issue in itself, limiting how easily the software running on a web server can be identified improves the server's overall security posture. Server software can be fingerprinted by quirks in how it responds to specific requests.

By default, Express.js sends the X-Powered-By response header banner. This can be disabled using the app.disable() method:

  app.disable('x-powered-by')
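A source-level check for the setting above, as an added example (not part of the original page and not Bearer's rule implementation). The function name `findAppsWithPoweredBy` and the sample source are hypothetical; it also accepts `app.set('x-powered-by', false)`, which is what `app.disable()` does internally.

```javascript
// Added example: report Express app variables in a source string that never
// turn off the 'x-powered-by' setting. Heuristic text scan, not a JS parser:
// it only sees apps declared as `const|let|var NAME = express()` in the same
// file, and the `//` stripping can also cut strings that contain `//`.
function findAppsWithPoweredBy(source) {
  // Drop comments so a commented-out app.disable() does not count as a fix.
  const code = source
    .replace(/\/\*[\s\S]*?\*\//g, '')
    .replace(/\/\/.*$/gm, '');

  // Collect every identifier assigned directly from express().
  const decl = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*express\s*\(\s*\)/g;
  const apps = [...code.matchAll(decl)].map((m) => m[1]);

  return apps.filter((name) => {
    const id = name.replace(/\$/g, '\\$&'); // escape `$` for use in a RegExp
    // NAME.disable('x-powered-by') or NAME.set('x-powered-by', false).
    // The setting name is matched case-sensitively, as written on the page.
    const off = new RegExp(
      `(?<![\\w$])${id}\\s*\\.\\s*(?:disable\\s*\\(\\s*(['"\`])x-powered-by\\1\\s*\\)` +
      `|set\\s*\\(\\s*(['"\`])x-powered-by\\2\\s*,\\s*false\\s*\\))`
    );
    return !off.test(code);
  });
}

// Constructed sample input: `app` is hardened, `admin` only has the call
// commented out, so it still sends the header.
const SAMPLE = `
const express = require('express')
const app = express()
const admin = express()
// admin.disable('x-powered-by')
app.disable('x-powered-by')
`;

console.log(findAppsWithPoweredBy(SAMPLE));
```

An empty result means every app declared in the file disables the header; any name returned is an app that still sends `X-Powered-By`.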

Resources

Associated CWE

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=javascript_express_reduce_fingerprint

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=javascript_express_reduce_fingerprint