[ https://issues.apache.org/jira/browse/KNOX-932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15994657#comment-15994657 ]
Krishna Pandey commented on KNOX-932: ------------------------------------- It would be nice to have this as configurable property instead of entirely removing it. Removing it will cause more suspicion and push for resort to other fingerprinting techniques. > Option to remove the server-name from HTTP-header response > ----------------------------------------------------------- > > Key: KNOX-932 > URL: https://issues.apache.org/jira/browse/KNOX-932 > Project: Apache Knox > Issue Type: Improvement > Reporter: Kunal Rajguru > Labels: http-headers > > Option to remove the server name which is sent as HTTP-Header in the response > For example : > curl -i -k -u <username>:<password> -X GET > 'https://localhost:8443/gateway/default/webhdfs/v1/?op=LISTSTATUS' > HTTP/1.1 200 OK > Set-Cookie: > JSESSIONID=fs2lu9w7jcgt1tshnfs1cqf8v;Path=/gateway/default;Secure;HttpOnly > Expires: Thu, 01 Jan 1970 00:00:00 GMT > Cache-Control: no-cache > Expires: Wed, 15 Mar 2017 12:49:24 GMT > Date: Wed, 15 Mar 2017 12:49:24 GMT > Pragma: no-cache > Expires: Wed, 15 Mar 2017 12:49:24 GMT > Date: Wed, 15 Mar 2017 12:49:24 GMT > Pragma: no-cache > Server: Jetty(6.1.26.hwx) > Content-Type: application/json > Content-Length: 2593 -- This message was sent by Atlassian JIRA (v6.3.15#6346)