Remove HTTP Response headers in Java

Question

Is there a way to remove HTTP response headers like Server and X-Powered-By?

My application is using a Weblogic server. I'm programming in Java using the Spring MVC framework and Hibernate, and using JSP for views.

What comes to my mind is write a Filter to deal with this – Vasilen Donchev May 02 '13 at 13:45 — Vasilen Donchev, May 02 '13 at 13:45

score 5 · Accepted Answer · edited May 23 '17 at 11:44

5

Depends on where the headers are added. If inside your app, you can use a Spring MVC Interceptor to remove them after your controller calls. If outside your app, you might be able to try a Java EE filter configured in web.xml (the example is security, but the approach will also work for your use case). If its added after that, you may want to look at your web front end (Apache, IIS, what-have-you) to configure a filter there.

UPDATE

This answer describes an approach for removing specific headers, as the HttpServletResponse interface does not allow for header removal explicitly. You will need some trial and error to determine what portion of your stack is adding the header.

edited May 23 '17 at 11:44

Community

1
1

answered May 03 '13 at 14:45

Peter Bratton

6,302
6
39
61

headers I mentioned are not added explicitly. They are showing up in the response. Need to explicitly block them from showing to user for security purposes – May 04 '13 at 11:26
I updated. Regardless of whether it is added explicitly, you will need to determine where it's being set as a side effect. – Peter Bratton May 06 '13 at 13:20
please help me on http://stackoverflow.com/questions/20421329/xpoweredby-not-working-in-web-logic – jackyesind Dec 06 '13 at 11:00

score 2 · Answer 2 · answered Jun 24 '15 at 08:41

2

If you set concrete responseHeader to null it will be removed / not seen in response headers.

answered Jun 24 '15 at 08:41

To Kra

3,344
3
38
45

Remove HTTP Response headers in Java

2 Answers2

Linked