A response header is an HTTP header that can be used in an HTTP response and that doesn't relate to the content of the message. Response headers, like Age, Location or Server are used to give a more detailed context of the response.
Penetration tester found that there is sensitive information related to the server version in the HTTP response header and the version of the web application framework used.
Exposing details of the server version and web application technology can increase the likelihood of attackers efficiently exploiting servers with known knowledge.
Re: Information Disclosure in HTTP response header
There are different actions that may be taken to patch this vulnerability. Since Alfresco is installed behind a HTTP Web Proxy (NGINX by default), following configuration will avoid to expose unwanted information in HTTP responses: