Low ISO 27001 A.8.8 CIS Controls CIS 4

Stop leaking software versions in headers and errors

Server, X-Powered-By and framework debug banners tell attackers exactly what you run and which exploits to try.

Why it matters

Version disclosure is reconnaissance made easy. It does not compromise you on its own, but it lets an attacker skip straight to the exploits that match your stack — and debug pages can leak far more.

How to fix it

Suppress version banners, remove X-Powered-By, turn off debug/stack-trace pages in production, and return generic error pages.

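# nginx (nginx.conf): drop the version from the Server header and default error pages
server_tokens off;

; PHP (php.ini): hide version + disable display_errors
; expose_php = Off removes the X-Powered-By: PHP/x.y.z header
expose_php = Off
; display_errors = Off keeps errors and stack traces out of responses
display_errors = Off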


Compliance references are indicative mapping, not legal advice. Automated scanning is evidence and monitoring, not a guarantee of compliance.