Hi,
Thank you for your reply. We have the face this vulnerability when running a security scan on R Studio Server Community on Red Hat Linux Enterprise 7 (RHEL). We have also configure a reverse proxy using nginx.
When the server encountered a 500, 400, 404 error. Th server response header will show the status code. The implication is knowing whether certain inputs trigger a server error can aid or inform an attacker of potential vulnerabilities. It there a way to hide/remove the error status code or removing the server header?