Our security team ran a web-inspect security scan on our Drupal 7 site and reported that our site is vulnerable to verb tunneling using headers or query parameters such as X-HTTP-Method, X-HTTP-Method-Override, X-Method-Override, or a query parameter such as _method to use an override method to gain access to restricted HTTP methods. Not sure if this is a legitimate vulnerability for drupal 7 or can these kind of HTTP headers for verb tunneling be disabled?. Any response is greatly appreciated. We are using nginx and php-fpm on a Linux server for our Drupal 7 application.