The 'X-Redirect-By' header discloses the mechanism or component responsible for initiating a redirect, often indicating a specific plugin, framework, or CMS feature. By revealing these details, attackers gain insights into your application’s internal routing or redirection logic, which can help them tailor exploits or social engineering attempts targeting known vulnerabilities or misconfigurations of the responsible module. Ultimately, leaking redirect information expands your attack surface by letting adversaries pinpoint exactly which technology or function is handling redirects, potentially enabling them to bypass security controls or manipulate redirects for malicious purposes.
Remove or mask the 'X-Redirect-By' header so that responses to external requests do not reveal the internal redirect implementation. Configure your server, application, or CMS to strip or rewrite redirection headers that identify modules or plugins. If you use a reverse proxy, CDN, or load balancer, ensure it does not re-inject this header into outgoing responses. Regularly update and patch any modules, plugins, or frameworks that handle redirection to mitigate known vulnerabilities. Additionally, consider employing a Web Application Firewall (WAF) or intrusion detection system to track suspicious redirection-related patterns. Periodically review your logs and configurations to confirm that no unnecessary information is leaked through response headers.
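The check below is an added example, not code from the original page or any scanner vendor: it parses the head of an HTTP response and reports headers that disclose the redirect implementation (the 'X-Redirect-By' header discussed above, alongside the common 'Server' and 'X-Powered-By' fingerprint headers). The two sample responses are constructed for the example; the plugin name and host in them are placeholders, not real software.

```python
"""Audit an HTTP response head for redirect-implementation disclosure headers."""
from typing import Dict, List, Tuple

# Response headers that reveal which component handled the request or redirect.
# 'x-redirect-by' is the header this finding is about; the other two are
# listed because a header audit normally checks them in the same pass.
DISCLOSURE_HEADERS = {
    "x-redirect-by": "reveals the module or plugin that issued the redirect",
    "x-powered-by": "reveals the application platform",
    "server": "reveals the web server software and possibly its version",
}


def parse_response_head(raw: str) -> Tuple[int, Dict[str, str]]:
    """Parse the status line and headers of a raw HTTP response head.

    Returns (status_code, headers) with header names lower-cased so that
    lookups are case-insensitive, as HTTP header names are. A blank line
    ends the head; duplicate header names keep the last value seen.
    """
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    status = int(parts[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_headers(status: int, headers: Dict[str, str]) -> List[str]:
    """Return one finding string per disclosure header present.

    Also flags a 3xx response that carries no Location header, since that
    usually means a redirect handler is misconfigured.
    """
    findings: List[str] = []
    for name, why in DISCLOSURE_HEADERS.items():
        if name in headers:
            findings.append(f"{name}: '{headers[name]}' ({why})")
    if 300 <= status < 400 and "location" not in headers:
        findings.append("redirect status without a Location header")
    return findings


def audit_raw(raw: str) -> List[str]:
    """Convenience wrapper: parse a raw response head and audit it."""
    return audit_headers(*parse_response_head(raw))


# Constructed sample responses (not captured from any real site).
# The leaky one names the redirecting component; the hardened one has the
# disclosure headers stripped and keeps only what the client needs.
LEAKY_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: ExampleHTTPd/1.0\r\n"
    "Location: https://example.invalid/login\r\n"
    "X-Redirect-By: example-redirect-plugin\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://example.invalid/login\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        findings = audit_raw(raw)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

In practice the raw head would come from a request to your own site (for example `curl -sI` output) rather than the constructed strings. To strip the header at the edge, Apache's `Header always unset X-Redirect-By` and nginx's `proxy_hide_header X-Redirect-By;` (for proxied upstream responses) are the usual directives; run the audit again afterwards to confirm the proxy or CDN has not re-added it.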
Code: A05:2021
Category: Security Misconfiguration
5.4