Proxy Disclosure
- Risk: Medium
- Type: Active
- CWE: CWE-200
- Solution:
Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server. Disable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross Origin Resource Sharing). Configure the web and application servers with custom error pages, to prevent 'fingerprintable' product-specific error pages being leaked to the user in the event of HTTP errors, such as 'TRACK' requests for non-existent pages. Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the 'Server' and 'X-Powered-By' HTTP response headers.
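One way to verify these hardening steps from recorded probe responses, as an added example that is not part of the original page. The function names `parse` and `audit` are hypothetical, the sample responses are constructed, and the error-page check is a heuristic assumption.

```python
import re

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 2.4.41

def parse(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit(method, raw):
    """Findings for the response to one probe sent with `method`."""
    status, headers, body = parse(raw)
    findings = []
    # TRACE/TRACK should be refused everywhere; OPTIONS too unless CORS needs it.
    if method in ("TRACE", "TRACK", "OPTIONS") and 200 <= status < 300:
        findings.append(f"{method} is enabled")
    # Server / X-Powered-By should not name the technology or its version.
    for name in ("server", "x-powered-by"):
        if headers.get(name):
            findings.append(f"{name} header discloses: {headers[name]}")
    # Heuristic (assumption): a dotted version in an error body suggests a
    # default, fingerprintable error page rather than a custom one.
    if status >= 400 and VERSION_RE.search(body):
        findings.append("error page contains a product version string")
    return findings

# Constructed sample responses, not captured traffic.
WEAK_TRACE = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
              "Content-Type: message/http\r\n\r\n"
              "TRACE / HTTP/1.1\r\nHost: example.test\r\n")
WEAK_404 = ("HTTP/1.1 404 Not Found\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
            "X-Powered-By: PHP/7.4.3\r\n\r\n"
            "<address>Apache/2.4.41 (Ubuntu) Server at example.test</address>")
HARDENED_TRACE = ("HTTP/1.1 405 Method Not Allowed\r\n"
                  "Content-Type: text/html\r\n\r\n<h1>Request not allowed</h1>")

if __name__ == "__main__":
    for label, method, raw in (("weak TRACE", "TRACE", WEAK_TRACE),
                               ("weak 404", "GET", WEAK_404),
                               ("hardened TRACE", "TRACE", HARDENED_TRACE)):
        print(label, "->", audit(method, raw) or "no findings")
```

Run the same checks against each hop separately (every proxy and the origin), since the solution applies to all of them.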