openresty
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Open service 43.159.98.20:443 ยท blog.gotab.cn
2026-01-23 10:55
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html
Vary: Accept-Encoding
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Language: zh-CN
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
Referrer-Policy: strict-origin-when-cross-origin
set-cookie: XSRF-TOKEN=fd06545a-3bf5-447c-9450-561fbe397340; Path=/; HTTPOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: must-revalidate, no-cache, no-store, max-age=0
Transfer-Encoding: chunked
Connection: close
Date: Fri, 23 Jan 2026 10:56:14 GMT
EO-LOG-UUID: 7571642417479989687
EO-Cache-Status: MISS
NEL: {"success_fraction":0.1,"report_to":"eo-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https://nel.teo-rum.com/eo-cgi/nel"}],"group":"eo-nel","max_age":604800}