Hi Sergey,
> I don't think this is a good idea to change the default behaviour
> for the directive we have for a long-long time.
But it's arguably a wrong behavior, and keeping it forever wrong
because of a decision made ~20 years ago, doesn't seem like
a particularly great idea.
Also, while
Hi Piotr,
thank you for the patch.
On Wed, Feb 28, 2024 at 01:20:35AM +, Piotr Sikora via nginx-devel wrote:
[...]
> HTTP: stop emitting server version by default.
> This information is only useful to attackers.
> The previous behavior can be restored using "server_tokens on".
[...]
I