
Q&A: What are the default HTTP Response Headers that are stripped or removed via a WAF policy?

Question

What are the default HTTP Response Headers that are stripped or removed via a WAF policy?

Environment

  • Silverline WAF 
  • WAF Policy
  • Proxy/Proxies
  • HTTP Response Headers

Answer

Certain HTTP headers allow an HTTP server to provide information about the software that the server uses to handle HTTP requests. These HTTP headers may contain product and version information, as well as comments identifying the server and any significant sub-products. While this information may be useful for some clients, it is considered unnecessary information leakage. As a result, Silverline WAF policies are configured to remove these HTTP headers from responses to increase application security.

  HTTP header removed      BIG-IP ASM version
  Server                   11.0.0 and later
  X-Powered-By             13.1.0 and later
  X-AspNet-Version         13.1.0 and later
  X-AspNetMvc-Version      13.1.0 and later
  X-Generator              13.1.0 and later
  X-Powered-CMS            13.1.0 and later
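
To confirm that a policy is stripping these headers, a captured response can be checked against the table above. The following is an added example, not F5 or Silverline code; the function names and the sample responses are constructed for illustration.

```python
# Header name (lowercase) -> first BIG-IP ASM version that removes it (table above).
REMOVED_SINCE = {
    "server": (11, 0, 0),
    "x-powered-by": (13, 1, 0),
    "x-aspnet-version": (13, 1, 0),
    "x-aspnetmvc-version": (13, 1, 0),
    "x-generator": (13, 1, 0),
    "x-powered-cms": (13, 1, 0),
}

def parse_version(text):
    """'13.1.0' -> (13, 1, 0); missing components count as 0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def expected_removed(asm_version):
    """Headers the table says are removed at this ASM version."""
    v = parse_version(asm_version)
    return {h for h, since in REMOVED_SINCE.items() if v >= since}

def parse_headers(raw):
    """Parse a raw HTTP response head into [(lowercase name, value), ...]."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers.append((name.strip().lower(), value.strip()))
    return headers

def leaked_headers(raw_response, asm_version):
    """Headers still present although the policy should have removed them."""
    should_go = expected_removed(asm_version)
    return [(n, v) for n, v in parse_headers(raw_response) if n in should_go]

# Constructed sample responses: one from the origin, one as seen through the WAF.
ORIGIN = ("HTTP/1.1 200 OK\r\nServer: ExampleServer/1.0\r\n"
          "X-Powered-By: ExampleFramework\r\nContent-Type: text/html\r\n\r\n<html>")
VIA_WAF = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"

if __name__ == "__main__":
    for label, raw in (("origin", ORIGIN), ("via WAF", VIA_WAF)):
        print(label, leaked_headers(raw, "13.1.0"))
```

Header names are compared case-insensitively, so `SERVER:` and `server:` are both reported. Real input can be the response head saved from a tool such as `curl -si`.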
