XenForo.com: "Heartbleed" header links to a domain that has changed hands

[PaulB]

XenForo.com sends a Heartbleed header with responses. The domain included in this header recently dropped and was re-registered, likely by a different entity. The URL is no longer accessible, and there's no indication as to the intentions of the new owner.

 

[nodle]

I'm not seeing it:

HTTP/1.1 200 OK =>
Date => Wed, 09 Nov 2022 19:16:22 GMT
Content-Type => text/html; charset=utf-8
Connection => close
x-frame-options => SAMEORIGIN
x-content-type-options => nosniff
last-modified => Wed, 09 Nov 2022 19:16:22 GMT
expires => Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control => private, no-cache, max-age=0
vary => Accept-Encoding
set-cookie => xf_csrf=ZrWE3dcs8fDcumGH; path=/; secure
heartbleed => NO; see http://heartbleedheader.com
CF-Cache-Status => DYNAMIC
Server => cloudflare
CF-RAY => 7678e1e97bae5797-IAD

 

[PaulB]

Fourth from the bottom.

 

[nodle]

Fourth from the bottom.

But it's reporting, no? Or do you mean it shouldn't been in the header at all?

EDIT* I see it shouldn't be reporting it.

 

[PaulB]

I'm not sure what you're asking. If you are currently using that URL in a header, you should remove it. You can continue to use the header, but not that URL.