The X-Powered-By header reveals information about the technology used in an application. This gives attackers an opportunity to exploit security weaknesses in that technology.
X-Powered-By is a common non-standard HTTP response header; most headers prefixed with X- are non-standard. It’s often included by default in responses constructed via a particular scripting technology.
It’s important to note that it can be disabled and/or manipulated by the server. Some servers choose not to include it, or even provide misleading information to throw off attackers that might target a particular technology or version.
Tested on Apache Web Server 2.4. Browse the URL and look at the response headers, and you will see X-Powered-By.
Browse the URL and look at the response headers, and you will see that X-Powered-By is removed.
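One way to script the before-and-after check described above, as an added example that is not part of the original page: it parses header output in the form `curl -sI -L` prints and reports every response in a redirect chain that still carries X-Powered-By. The function names and both sample responses are constructed for illustration.

```python
import re

def parse_header_blocks(raw):
    """Split `curl -sI -L` style output into (status_line, headers) per response."""
    blocks = []
    for chunk in re.split(r"\r?\n\r?\n", raw.strip()):
        lines = chunk.splitlines()
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                # Header names are case-insensitive: normalise before comparing.
                headers.setdefault(name.strip().lower(), []).append(value.strip())
        blocks.append((lines[0].strip(), headers))
    return blocks

def audit_x_powered_by(raw):
    """Return one finding per X-Powered-By value, across every response given."""
    findings = []
    for status, headers in parse_header_blocks(raw):
        for value in headers.get("x-powered-by", []):
            # The value is self-reported and may be altered by the server, so it is
            # recorded as a disclosure to remove, not as proof of the real stack.
            products = [t.partition("/")[::2] for t in re.split(r"[,\s]+", value) if t]
            findings.append({
                "status": status, "value": value,
                "products": products,
                "version_exposed": any(re.search(r"\d", v) for _, v in products),
            })
    return findings

# Constructed sample: a redirect plus final response, both still announcing the stack.
BEFORE = """HTTP/1.1 301 Moved Permanently
Server: Apache
X-Powered-BY: PHP/8.1.2

HTTP/1.1 200 OK
Server: Apache
x-powered-by: PHP/8.1.2
"""

# Constructed sample: the same final response once the header has been removed.
AFTER = """HTTP/1.1 200 OK
Server: Apache
"""

print(audit_x_powered_by(BEFORE), audit_x_powered_by(AFTER))
```

Checking every response in the chain matters because a redirect or error page can be generated by a different handler than the final page and keep the header after the main response has been cleaned up.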
Fixing X-Powered-By alone is not going to protect the website from all security threats. Also be sure to follow a web application security checklist; the eCyLabs Web Application Firewall could protect against this kind of issue at the firewall level.
Leverage eCyLabs ASPM to get a 360-degree view of your application security posture from code to cloud. Our Marketplace approach is a cost-effective and efficient way for security and compliance monitoring.