Rust

By DeepSource

Audit required: Exposure of sensitive headers (RS-A1004)

Security

Response headers such as "Server", "X-Powered-By" and "X-AspNet-Version" can leak sensitive information about your application and server. Avoid using these headers if possible.

The following possible response headers should be avoided for security reasons:

* Server - Specifies web server version.
* X-Powered-By - Indicates that the website is "powered by ASP.NET."
* X-AspNet-Version - Specifies the version of ASP.NET used.

Examples

Bad practice

use http::header::{HeaderMap, SERVER};

fn main() {
    // Bad practice: the Server header discloses the web server product and version.
    let mut map = HeaderMap::new();
    map.insert(SERVER, "Apache/2.4.1 (Unix)".parse().unwrap());
}
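An added example (not DeepSource's code) of auditing a response for the three headers listed above and stripping them before the response is sent. It assumes headers held as plain (name, value) pairs from the standard library rather than http::HeaderMap; the function names and the sample response are constructed for illustration.

```rust
// Header names the rule lists as disclosing server or framework details.
const DISCLOSING: [&str; 3] = ["Server", "X-Powered-By", "X-AspNet-Version"];

// Header names are case-insensitive, so compare without regard to case.
fn is_disclosing(name: &str) -> bool {
    DISCLOSING.iter().any(|d| name.eq_ignore_ascii_case(d))
}

// Parse the header lines of a raw HTTP response head into (name, value) pairs.
fn parse_headers(head: &str) -> Vec<(String, String)> {
    head.lines()
        .skip(1) // status line
        .take_while(|l| !l.is_empty()) // stop at the blank line before the body
        .filter_map(|l| l.split_once(':'))
        .map(|(n, v)| (n.trim().to_string(), v.trim().to_string()))
        .collect()
}

// Report every header that matches the rule, as "name: value".
fn findings(headers: &[(String, String)]) -> Vec<String> {
    headers
        .iter()
        .filter(|(n, _)| is_disclosing(n))
        .map(|(n, v)| format!("{n}: {v}"))
        .collect()
}

// Remove the disclosing headers in place; returns how many were dropped.
fn strip_disclosing(headers: &mut Vec<(String, String)>) -> usize {
    let before = headers.len();
    headers.retain(|(n, _)| !is_disclosing(n));
    before - headers.len()
}

// Constructed sample response head (values are illustrative).
const SAMPLE: &str = "HTTP/1.1 200 OK\r\nServer: Apache/2.4.1 (Unix)\r\n\
x-powered-by: ASP.NET\r\nX-AspNet-Version: 4.0.30319\r\n\
Content-Type: text/html\r\n\r\n";

fn main() {
    let mut headers = parse_headers(SAMPLE);
    for f in findings(&headers) {
        println!("disclosing header: {f}");
    }
    let removed = strip_disclosing(&mut headers);
    println!("removed {removed}, remaining {headers:?}");
}
```
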
