HTTP Protocol Information Leak

Question

I have done a test and The result is

HTTP Packet Inspection (Low)back Port: http (80/tcp) Summary: This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc.

Protocol version: HTTP/1.1
SSL: no
Pipelining: yes
Keep-Alive: no
Options allowed: (Not implemented)
Headers:
Content-Type: text/html, charset=UTF-8
Location: https://**********.***/
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 20 Nov 2014 13:35:35 GMT
Content-Length: 151

How To fix this issue?

score 2 · Accepted Answer · answered Nov 20 '14 at 15:14

2

HTTP is NOT a secure protocol, it never has been, and is not meant to be.

HTTPS IS the same protocol over a secure channel, though only if you use TLS 1.0 or newer (TLS 1.2 is highly recommended as 1.0 and 1.1 have known issues).

answered Nov 20 '14 at 15:14

Chris S

77,945
11
124
216

HTTP Protocol Information Leak

1 Answers1