Avoid Web Application Framework Fingerprinting
This check ensures that web application frameworks do not expose version information in HTTP response headers. Hiding framework details reduces the attack surface by preventing attackers from identifying framework-specific vulnerabilities.
Check Details
- Resource: Web Application
- Check: Avoid Web Application Framework Fingerprinting
- Risk: If framework version details are exposed, attackers can target known framework-specific vulnerabilities.
Remediation via Nginx Configuration
Update the Nginx configuration to remove framework-specific HTTP response headers.
Nginx configuration files are typically located in /etc/nginx/nginx.conf or /etc/nginx/sites-available/.
- Open the appropriate Nginx configuration file.
- Remove framework-specific headers by adding the following directives:
    proxy_hide_header X-Powered-By;
    proxy_hide_header X-AspNet-Version;
    proxy_hide_header X-AspNetMvc-Version;
    proxy_hide_header X-Generator;
- Test the Nginx configuration:
    sudo nginx -t
- Reload Nginx to apply the changes:
    sudo systemctl reload nginx
Verification
Verify that framework version information is no longer exposed in HTTP response headers:
    curl -I http://example.com
Ensure that none of the following headers appear in the response:
- X-Powered-By
- X-AspNet-Version
- X-AspNetMvc-Version
- X-Generator
Replace example.com with your actual application domain.
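Reading the curl output by eye, or grepping for the exact spellings above, can miss a header sent in lowercase (HTTP/2 responses carry lowercase header names). The script below is an added example, not part of the original article, that automates the verification step; the function names and the two sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample responses are constructed.
# Header names the article says must not appear, lowercased for comparison.
BANNED_HEADERS="x-powered-by x-aspnet-version x-aspnetmvc-version x-generator"

# Reads raw response headers on stdin (for example `curl -sI` output), prints
# each banned header found (lowercased, once), and returns 1 if any was found.
find_fingerprint_headers() {
    awk -v banned="$BANNED_HEADERS" '
        BEGIN { n = split(banned, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
        {
            sub(/\r$/, "")                        # curl output keeps CRLF endings
            colon = index($0, ":")
            if (colon < 2) next                   # status line or blank line
            name = tolower(substr($0, 1, colon - 1))   # names are case-insensitive
            if ((name in want) && !(name in seen)) { seen[name] = 1; print name; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Live check against a deployed site; pass your own URL.
check_url() {
    curl -sI "$1" | find_fingerprint_headers
}

# Constructed sample responses so the check can be exercised offline.
sample_leaky() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nx-powered-by: Express\r\nX-AspNet-Version: 4.0.30319\r\n\r\n'
}
sample_clean() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}

for sample in sample_leaky sample_clean; do
    if leaked=$("$sample" | find_fingerprint_headers); then
        echo "$sample: PASS"
    else
        echo "$sample: FAIL, exposed:" $leaked
    fi
done
```

proxy_hide_header only affects responses that Nginx relays from a proxied upstream, so run check_url against the public URL served by Nginx rather than the application's own port.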
Updated on 16 April, 2026