PCI Compliance Issues - Directory Issue

Hello!! My app is going through PCI compliance right now and we got flagged for:

Browsing of directories on web servers or having remote access software present can lead to information disclosure or potential exploit.

Does anyone know how to resolve this on bubble? We are on a shared IP plan - so I am not sure I have control over that.

Thank you!!

Which API?

80/tcp/www – is what was returned. On second thought, it may not be an API - correct?

Correct. In this instance, Stripe would be an API.
What company/organization is handling your compliance?

The scan was done by Sysnet Global Solutions

Are you posting to an endpoint of theirs?

We are using a payment processor (not stripe) that requested we have to get a PCI scan.

I don’t think it’s a directory issue.

Guesses:
Data permissions may not be strict enough.
You might wantnt to enable 2-factor auth.