Security misconfiguration detected (server fingerprinting).
- Rule ID: javascript_express_reduce_fingerprint
- Languages: javascript
- Source: reduce_fingerprint.yml
Description
Reducing server fingerprinting adds an extra layer of defence. Revealing which software runs a server is not a vulnerability in itself, but it lets an attacker match the stack against known weaknesses, so limiting what can be fingerprinted improves the overall posture of a web server. Server software can be fingerprinted from banner headers and from quirks in how it responds to specific requests.
By default, Express.js adds the response header X-Powered-By: Express to every response. Disable it with the app.disable() method (this removes only that banner; other fingerprints such as ETag format and default error pages are unaffected):
app.disable('x-powered-by')
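The following is an added example, not code from the Bearer rule page or from the Express project. It audits a response's headers for fingerprinting banners and applies the fix above to an Express app. The header list (the page only names X-Powered-By; Server is included as an assumption because reverse proxies set it the same way) and the sample header sets are constructed for this example, so it runs offline; the Express check only runs when the module is installed.

```javascript
// Added example (not from the Bearer rule page or the Express project):
// audit a response for fingerprinting headers and apply the rule's fix.

// Headers that commonly identify server software. x-powered-by is the one
// Express sets; 'server' is an assumption added here, since reverse proxies
// such as nginx advertise their version through it.
const FINGERPRINT_HEADERS = new Set(['x-powered-by', 'server']);

// Return the fingerprinting headers present in a headers object as
// { header, value } pairs. Names are compared case-insensitively, matching
// how Node lowercases incoming header names.
function findFingerprintHeaders(headers) {
  const findings = [];
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (FINGERPRINT_HEADERS.has(key)) {
      findings.push({ header: key, value: String(value) });
    }
  }
  return findings;
}

// The fix from the rule: turn off the x-powered-by setting on an Express app.
function hardenApp(app) {
  app.disable('x-powered-by');
  return app;
}

// Constructed sample: headers of a default Express response to GET /.
const DEFAULT_EXPRESS_HEADERS = {
  'X-Powered-By': 'Express',
  'Content-Type': 'text/html; charset=utf-8',
  'Content-Length': '12',
  'ETag': 'W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE"',
  'Date': 'Thu, 01 Jan 2026 00:00:00 GMT',
  'Connection': 'keep-alive',
};

// Constructed sample: the same response after app.disable('x-powered-by').
const HARDENED_EXPRESS_HEADERS = Object.fromEntries(
  Object.entries(DEFAULT_EXPRESS_HEADERS)
    .filter(([name]) => name.toLowerCase() !== 'x-powered-by'),
);

// If Express is installed (CommonJS only), check the setting on a real app.
// Returns { before, after } values of app.enabled('x-powered-by'), or null
// when Express is not available so the rest of the example still runs.
function expressSettingBeforeAndAfter() {
  if (typeof require !== 'function') return null;
  let express;
  try {
    express = require('express');
  } catch (err) {
    return null;
  }
  const app = express();
  const before = app.enabled('x-powered-by'); // true by default
  hardenApp(app);
  return { before, after: app.enabled('x-powered-by') }; // after: false
}

console.log('default :', findFingerprintHeaders(DEFAULT_EXPRESS_HEADERS));
console.log('hardened:', findFingerprintHeaders(HARDENED_EXPRESS_HEADERS));
console.log('express :', expressSettingBeforeAndAfter());
```

Run it with node to see the default response flagged once for x-powered-by and the hardened response flagged not at all. The audit is also useful against a deployed server: feed it the headers from a real response to confirm the setting took effect behind any proxy that might re-add its own banner.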
Resources
Associated CWE
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=javascript_express_reduce_fingerprint
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=javascript_express_reduce_fingerprint