Beginner

Cisco ASA: How can I remove the header Server and X-Powered-By from http server service?

Hi community friends,

 

We recently had a pentest at my company. I have an ASA 5508 for AnyConnect VPNs, version 9.8 (3) 29. During the audit, the following vulnerability appeared: Security headers not configured. They gave me the following link: https://medium.com/guayoyo/asegurando-las-cabeceras-de-respuestas-http-en-servidores-web-apache-y-nginx-2f71e62ffda4. The problem is that the HTTPS responses from the ASA include the Server and X-Powered-By headers.

 

I want to know how I can remove those headers from the HTTPS responses. Can I make an update to solve this issue?

2 REPLIES
VIP Advisor

 

 - As the product can be seen as being an appliance in this context, presumably only by making a support case, or filing an enhancement request.

 M.

Rising star

The only two headers I'm aware of that you can remove on the ASA are the x-content and the x-xss. However, it is very interesting to see the ASA returning the Server and the x-powered values, as I think it should not. Do you know if that scanner was running on the ASA outside interface or on the inside? Did you actually see those values reported by the pentest scanner?
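One way to confirm the finding independently of the scanner report, as an added example that is not part of the original thread: the script below reports whether a response carries the `Server` or `X-Powered-By` headers, and can be run from both the outside and the inside network to answer the interface question raised in the last reply. The function names and the sample responses are constructed for illustration and are not real ASA output.

```python
import http.client
import io
import ssl
import sys

# The two response headers named in the question above.
DISCLOSURE_HEADERS = ("Server", "X-Powered-By")

# Constructed sample response heads (placeholder values, not real ASA output).
SAMPLE_LEAKY = (b"HTTP/1.1 200 OK\r\nServer: ExampleServer/1.0\r\n"
                b"x-powered-by: ExampleFramework\r\nContent-Type: text/html\r\n\r\n")
SAMPLE_CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

def parse_head(raw):
    """Split a raw response head into (status line, parsed headers)."""
    stream = io.BytesIO(raw)
    status = stream.readline().decode("iso-8859-1").strip()
    return status, http.client.parse_headers(stream)

def find_disclosure(headers):
    """Return {header: [values]} for each disclosure header present.
    Lookup is case-insensitive, and repeated headers are all reported."""
    found = {}
    for name in DISCLOSURE_HEADERS:
        values = headers.get_all(name)
        if values:
            found[name] = values
    return found

def fetch_headers(host, port=443, path="/", timeout=10):
    """Fetch response headers from a device you administer.
    Certificate verification is off because VPN appliances often present
    self-signed certificates; only the headers are read here."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path)
        return conn.getresponse().headers
    finally:
        conn.close()

if __name__ == "__main__":
    # With a hostname argument, check the live device; otherwise the sample.
    hdrs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else parse_head(SAMPLE_LEAKY)[1]
    for name, values in find_disclosure(hdrs).items():
        print(f"{name}: {', '.join(values)}")
```

An empty result from both vantage points suggests the scanner finding came from a different host or path than the ASA's own HTTPS service.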
