All fix guides

How to stop leaking your server/framework version

Remove version banners so attackers can't shortlist exploits for your exact stack.

What it is

Headers like `Server` and `X-Powered-By` can advertise the exact software and version you run.

Why it matters

Exact versions hand attackers a ready-made list of known vulnerabilities to try first.

How to fix it

  1. 1Remove or generalize the `Server` header (e.g. Nginx `server_tokens off;`).
  2. 2Remove `X-Powered-By` (e.g. disable it in Express/PHP, or strip it at the proxy/CDN).
  3. 3Strip any framework-specific version headers at your reverse proxy.
  4. 4Re-scan to confirm no version leakage.

Not sure if your site is affected?

Run a free scan — or let us fix it all for you.

Privacy and cookie preferences

We use strictly necessary cookies to run the site. Analytics, marketing, and AI assistant telemetry are optional and disabled until you choose. You can update consent any time in Cookie Settings.

Some infrastructure cookies, such as load balancer routing cookies, are essential for service delivery. Details: Cookie Policy