Avoid Web Application Framework Fingerprinting

This check ensures that web application frameworks do not expose version information in HTTP response headers. Hiding framework details reduces the attack surface by preventing attackers from identifying framework-specific vulnerabilities.

Check Details

Resource: Web Application
Check: Avoid Web Application Framework Fingerprinting
Risk: If framework version details are exposed, attackers can target known framework-specific vulnerabilities.

Remediation via Nginx Configuration

Update the Nginx configuration to remove framework-specific HTTP response headers. Nginx configuration files are typically located in /etc/nginx/nginx.conf or /etc/nginx/sites-available/.

Open the appropriate Nginx configuration file.

Remove framework-specific headers by adding the following directives:



proxy_hide_header X-Powered-By;
proxy_hide_header X-AspNet-Version;
proxy_hide_header X-AspNetMvc-Version;
proxy_hide_header X-Generator;

Test the Nginx configuration:
```
sudo nginx -t
```
Reload Nginx to apply the changes:
```
sudo systemctl reload nginx
```

Verification

Verify that framework version information is no longer exposed in HTTP response headers.


curl -I http://example.com

Ensure that none of the following headers appear in the response:

X-Powered-By
X-AspNet-Version
X-AspNetMvc-Version
X-Generator

Replace example.com with your actual application domain.

Other Articles

Avoid Web Application Framework Fingerprinting

Check Details

Remediation via Nginx Configuration

Verification