Information Disclosure via X-dtAgentId Header

Description

The 'X-dtAgentId' header is commonly used by Dynatrace (and similar APM solutions) to associate requests with a specific agent instance for performance monitoring. When exposed externally, attackers can gain insights into internal tracing or agent configurations, potentially identifying ways to bypass or interfere with monitoring. Malicious actors might leverage knowledge of agent IDs to evade detection, falsify telemetry data, or launch targeted attacks on the APM infrastructure. Ultimately, disclosing this header increases the attack surface by revealing details about the observability layer, which could be exploited to conceal malicious activity or compromise application performance insights.

Remediation

Remove or mask the 'X-dtAgentId' header before it reaches untrusted clients. Configure your APM tool or server settings to suppress proprietary tracing headers in external responses. If you use reverse proxies, load balancers, or CDNs, ensure they do not preserve or re-inject this header. Keep your Dynatrace or APM solution updated with the latest security patches, and consider using a Web Application Firewall (WAF) or intrusion detection system to monitor suspicious traffic related to agent manipulation. Regularly audit logs and configurations to confirm that no sensitive observability details are inadvertently leaked.
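One way to enforce the removal at the application edge and to audit for leaks, as an added example that is not part of the original page or any Dynatrace tooling. The middleware class, the `leaked_headers` helper, the demo app and the header values are all assumptions constructed for illustration.

```python
# Header named on this page, stored lowercase because HTTP header
# names are case-insensitive.
BLOCKED_HEADERS = frozenset({"x-dtagentid"})


class StripTracingHeaders:
    """WSGI middleware (hypothetical name) that drops blocked response headers."""

    def __init__(self, app, blocked=BLOCKED_HEADERS):
        self.app = app
        self.blocked = frozenset(name.lower() for name in blocked)

    def __call__(self, environ, start_response):
        def filtered_start_response(status, headers, exc_info=None):
            # Keep every header whose name is not on the block list.
            kept = [(k, v) for k, v in headers if k.lower() not in self.blocked]
            return start_response(status, kept, exc_info)

        return self.app(environ, filtered_start_response)


def leaked_headers(headers, blocked=BLOCKED_HEADERS):
    """Audit check: return blocked header names present in a response."""
    return sorted(k for k, _ in headers if k.lower() in blocked)


def demo_app(environ, start_response):
    # Constructed upstream app that leaks the header in two casings.
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("X-dtAgentId", "constructed-agent-id"),
        ("x-DTAGENTID", "constructed-agent-id-2"),
    ])
    return [b"ok"]


def run(app):
    """Call a WSGI app once and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, list(headers)

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    print("before:", leaked_headers(run(demo_app)[1]))
    print("after: ", leaked_headers(run(StripTracingHeaders(demo_app))[1]))
```

The same `leaked_headers` check can be run against header lists captured from the external side of a proxy or CDN to confirm the header is not re-injected downstream.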

References

https://www.dynatrace.com/support/doc/
https://owasp.org/www-community/attacks/Information_exposure

Severity

MEDIUM

OWASP

Code: A05:2021

Category: Security Misconfiguration

Classification

CWE-200

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (score: 5.3)

CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (score: 5.3)