1. Make sure the web server does not send response headers that reveal the backend technology or its version (for example Server, X-Powered-By or X-AspNet-Version values that carry a product name and version number).
2. Make sure that every service listening on an open port does not announce its build or version in its banner.
3. Make sure access permissions on every directory are set correctly, so that an attacker cannot read files beyond those meant to be public.
4. Do not hard-code account passwords in source code, and do not leave credentials or related details in code comments.
5. Configure MIME types on the web server for every file type the application uses, so that source and backup files are handled by their interpreter or refused rather than served to the client as plain text.
6. Do not upload sensitive information (such as backup files, configuration files or version-control metadata) to the website.
7. Check that every request to create, edit, view or delete a resource passes through proper access control, so that unauthorized access is prevented and confidential information stays confidential.
8. Handle user input correctly and always return the same generic response for non-existent and disallowed resources, so that an attacker cannot tell which resources exist (a 403 that differs from the 404 confirms that a hidden path is present).
9. Backend code should handle every error path and make sure that no internal information (stack traces, file paths, query text) is exposed when an exception occurs.
10. Configure the web server to disallow directory listing and traversal, and make sure that a request for a directory always returns the application's default page rather than its contents.
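Items 1, 3, 4, 8, 9 and 10 can be checked offline against raw responses and source files. The following Python script is an added example and is not code from the original page; the HTTP responses and the source snippet it inspects are constructed samples, and the header names, listing markers and trace patterns are assumptions about common server output rather than an exhaustive list.

```python
"""Offline checks for the information-disclosure checklist above.

Added example, not from the original page. The HTTP responses and the source
snippet below are constructed samples, not captures from any real site.
"""
import re

# Response headers that commonly name the backend stack (item 1). Assumed list.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator")
VERSION_RE = re.compile(r"\d+\.\d+")
# Fragments that identify an auto-generated directory index (items 3 and 10).
LISTING_MARKERS = ("<title>Index of /", "Directory listing for", "[To Parent Directory]")
# Fragments that identify an unhandled exception rendered into the page (item 9).
TRACE_PATTERNS = (
    re.compile(r"Traceback \(most recent call last\)"),           # Python
    re.compile(r"^\s*at [\w$.]+\(\w+\.java:\d+\)", re.M),          # Java
    re.compile(r"(Fatal error|Warning): .* in /\S+ on line \d+"),  # PHP
    re.compile(r"Exception Details: [\w.]+Exception"),            # ASP.NET
)
# Heuristic: a password/secret/token assigned a string literal, in code or comments (item 4).
SECRET_RE = re.compile(
    r"(?i)(pass(word|wd)?|secret|api[_-]?key|token)\b\s*[:=]\s*['\"][^'\"]{4,}['\"]")


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, lowercase-header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def audit_response(raw):
    """Return a list of disclosure findings for one response (empty list = clean)."""
    status, headers, body = parse_response(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        # A bare product name in Server ("nginx") is tolerated here; a version string is not.
        if name == "server" and not VERSION_RE.search(value):
            continue
        findings.append("header %s: %r reveals backend technology or version" % (name, value))
    if any(marker in body for marker in LISTING_MARKERS):
        findings.append("directory listing is enabled")
    if any(p.search(body) for p in TRACE_PATTERNS):
        findings.append("error page (HTTP %d) leaks a stack trace or internal path" % status)
    return findings


def responses_distinguishable(raw_a, raw_b):
    """True if two responses differ in status or body, i.e. an attacker can tell a
    non-existent resource from a forbidden one (item 8)."""
    status_a, _, body_a = parse_response(raw_a)
    status_b, _, body_b = parse_response(raw_b)
    return status_a != status_b or body_a != body_b


def find_hardcoded_secrets(source):
    """Return 1-based line numbers whose text assigns a credential-looking literal."""
    return [n for n, line in enumerate(source.splitlines(), 1) if SECRET_RE.search(line)]


# Constructed samples (not real captures).
LEAKY = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\nX-Powered-By: PHP/7.2.24\r\n"
         "Content-Type: text/html\r\n\r\n"
         "<html><head><title>Index of /backup</title></head><body>db.sql.bak</body></html>")
ERROR_PAGE = ("HTTP/1.1 500 Internal Server Error\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"
              "<pre>Traceback (most recent call last):\n"
              "  File \"/var/www/app/views.py\", line 42, in show\n    db.execute(query)\n</pre>")
GENERIC_404 = ("HTTP/1.1 404 Not Found\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"
               "<html><body><h1>Not Found</h1></body></html>")
VERBOSE_403 = ("HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"
               "<html><body><h1>Forbidden: /admin/config.php</h1></body></html>")
SOURCE_SNIPPET = ('import pymysql\n'
                  '# TODO remove, old password: "Summer2019!"\n'
                  'DB_PASSWORD = "hunter2pass"\n'
                  'conn = pymysql.connect(user="app", password=DB_PASSWORD)\n')

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("error page", ERROR_PAGE), ("generic 404", GENERIC_404)):
        print(label, audit_response(raw))
    print("403/404 distinguishable:", responses_distinguishable(GENERIC_404, VERBOSE_403))
    print("secret lines:", find_hardcoded_secrets(SOURCE_SNIPPET))
```

The leaky sample trips three findings (versioned Server header, X-Powered-By, directory index), the error page trips only the stack-trace check because a bare "nginx" Server value is tolerated, and the 404/403 pair is flagged as distinguishable because the status and body differ. In practice the raw responses would come from a scanner or proxy; the checks stay the same.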
Web Information Disclosure Considerations