Remove 'Server' http header from api response

1
votes

I have an application which uses camel-jetty, camel-cxf to expose a REST api and runs in apache karaf (fuse esb). Because of security reasons, I need to remove 'Server' header from API response. I removed the header from camel exchange headers but still it returns in api response as Jetty(7.6.7.v20120910). How can I remove the header from API response ?

2
apache-cameljettyfuseesbcxfrs
Hard to help unless you show your route and logs that display the headers.Souciance Eqdam Rashti

2 Answers

1
votes

The jetty component, you can turn off sendServerVersion by setting sendServerVersion=false in the endpoint uri.

For Apache CXF or camel-cxf I am not sure if that is possible. You would need to check Apache CXF documentation.

0
votes

I added following line to jetty.xml and got server header removed.

<Set name="sendServerVersion">false</Set>