I don't see a good reason not to have a ServerTokens None option... All the ServerTokens options that hide version numbers are security by obscurity anyway... So it's not really anything new, just expanding something that already exists to have a more complete complement of similar options.

Dave

-----Original Message-----
From: Brass, Phil (ISS Atlanta) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 12:31 PM
To: [EMAIL PROTECTED]
Subject: RE: Removing Server: header

OK, so given that Date and Last-Modified are required response headers and everybody pretty much hates the idea of removing them, and that removing the Server header amounts to nothing more than security by obscurity, is anybody still interested in seeing a patch that offers a ServerTokens value of None and strictly prevents the addition of the Server: header to the response? If so I'd be happy to do it.

Thanks in advance!

Phil
