Microsoft-IIS 10.0
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 52.232.19.237:80 · customerorderv2service.egretail-test.cloud
2026-01-11 17:04
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Sun, 11 Jan 2026 17:05:12 GMT Location: https://customerorderv2service.egretail-test.cloud/
Open service 52.232.19.237:443 · customerorderv2service.egretail-test.cloud
2026-01-11 17:04
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Sun, 11 Jan 2026 17:05:11 GMT Server: Microsoft-IIS/10.0 Location: /swagger/ Set-Cookie: ARRAffinity=96ab32851de58070611930dcfd1aeb259429766fe83c01e562e3ca42adf636a1;Path=/;HttpOnly;Secure;Domain=customerorderv2service.egretail-test.cloud Set-Cookie: ARRAffinitySameSite=96ab32851de58070611930dcfd1aeb259429766fe83c01e562e3ca42adf636a1;Path=/;HttpOnly;SameSite=None;Secure;Domain=customerorderv2service.egretail-test.cloud Strict-Transport-Security: max-age=31536000 Request-Context: appId=cid-v1:5ac23c91-f151-456f-9e54-a237fc6b5e42 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: style-src 'self' 'nonce-PtzTST4J8Hf7ZObcBjUp81hL73jGeqpfsmCK16svGlo='; script-src 'self' 'nonce-PtzTST4J8Hf7ZObcBjUp81hL73jGeqpfsmCK16svGlo='; default-src 'none'; img-src 'self' data:; connect-src 'self' X-Powered-By: ASP.NET