Response headers

Response headers can deliver additional metadata along with the actual response to an API call. This information could be about the response itself, like the location of a newly created resource. But in some cases, the headers might contain actual data, or reveal details about the backend server sending the response that you would rather keep hidden.

In other words, response headers could be a direct source of data leakage, or include details that put your API security at risk. It is recommended that you lock down and define your response headers properly: declare exactly which headers each response may carry, and strip everything else. This way, even if your backend servers were breached, the design of your API prevents the servers from returning more information than the API is supposed to.
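The following is an added example, not code from this documentation: a small Python filter that enforces a declared set of response headers at the API boundary, dropping anything undeclared and flagging headers that fingerprint the backend. The declared header set, the fingerprint list, and the sample response are constructed assumptions for illustration.

```python
from typing import Dict, List, Tuple

# Headers the API contract declares for this response (constructed example;
# in an OpenAPI definition these would be listed under the response's `headers`).
DECLARED_HEADERS = {"content-type", "content-length", "location", "cache-control"}

# Headers that reveal the backend stack and should never reach the client
# (constructed list; extend it to match your own platform).
FINGERPRINT_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-runtime"}


def parse_response_head(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP response head into its status line and a lower-cased header map."""
    lines = raw.strip().split("\r\n")
    status_line = lines[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers


def enforce_declared_headers(headers: Dict[str, str], declared=DECLARED_HEADERS) -> Tuple[Dict[str, str], List[str]]:
    """Return (headers allowed through, findings).

    Fingerprinting headers and headers not declared in the contract are removed,
    so a compromised or misconfigured backend cannot leak extra data via headers.
    """
    kept: Dict[str, str] = {}
    findings: List[str] = []
    for name, value in headers.items():
        if name in FINGERPRINT_HEADERS:
            findings.append(f"fingerprint header removed: {name}: {value}")
        elif name not in declared:
            findings.append(f"undeclared header removed: {name}")
        else:
            kept[name] = value
    return kept, findings


# Constructed sample: a backend that leaks its stack and an internal debug header.
SAMPLE_RESPONSE = (
    "HTTP/1.1 201 Created\r\n"
    "Content-Type: application/json\r\n"
    "Location: /users/42\r\n"
    "Server: ExampleHTTPd/1.0\r\n"
    "X-Powered-By: ExampleFramework/2.3\r\n"
    "X-Debug-Query: lookup user 42\r\n"
    "Content-Length: 27\r\n"
)
```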

Browse through this section to see the details of each API security risk related to your API response headers.