Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Remove X- Headers From Web Server Response

hooleylist
Cirrostratus
Cirrostratus

on ‎18-Mar-2015 14:43

Problem this snippet solves:

Remove any X- header from web server HTTP responses

Here is a simple iRule which removes any response header from the pool which starts with X-. The goal is to prevent users of the application from learning details of the application architecture from these user-defined comment headers.

Code :

when HTTP_RESPONSE { 
  
   # Remove all instances of the Server header 
   HTTP::header remove Server 
  
   # Remove all headers starting with x- 
   foreach header_name [HTTP::header names] { 
  
      if {[string match -nocase x-* $header_name]}{ 
  
         HTTP::header remove $header_name 
      }
   }
}
Labels:
0 Kudos
Comments
saidshow_251381
Cirrostratus
Cirrostratus
‎24-May-2016 18:29
Thank you hoolio. This is great. I have implemented as is for the purpose of testing and confirm that this worked without any changes. I will modify exactly what headers it targets depending on our needs.
0 Kudos
TomBenda_311829
Nimbostratus
Nimbostratus
‎27-Feb-2017 00:40

Be aware, that remove all x-* headers cant be allright with all cases. With this rule is remove header "X-UA-Compatible" header, which can has some render issue for web apps.

 

0 Kudos
Version history
Last update:
‎18-Mar-2015 14:43
Updated by:
Cirrostratus
Contributors
Copyright © 2023 Khoros, LLC