Low
ISO 27001 A.8.9
CIS Controls CIS 4
Disable directory listing
When a directory has no index file, some servers list its contents — exposing files you never meant to publish.
Why it matters
Open directory listings leak file names, backups, uploads and internal structure that help an attacker map your site and find sensitive files.
How to fix it
Turn off automatic indexing at the server, or drop an index file into browsable directories.
# Apache
Options -Indexes
# nginx (default is off; ensure it is not enabled)
autoindex off;
Is your domain affected?
Prove ownership and run a scan for a graded, verifiable report.
Related guides
- Set up SPF, DKIM and DMARC to stop email spoofing
- Add the HTTP security headers every site should send
- Fix TLS: valid certificate and modern protocols only
- Remove exposed .git, .env and backup files
Compliance references are indicative mapping, not legal advice. Automated scanning is evidence and monitoring, not a guarantee of compliance.