SECTION: 400-Security TITLE: versionHeader QUESTION: Can I suppress the server version header? By default, the Jetty server includes some version information in it's response headers: <blockquote> <pre> HTTP/1.1 200 OK Date: Wed, 31 Mar 2004 03:46:50 GMT Content-Type: text/html;charset=ISO-8859-1 Server: Jetty/4.2.7 (SunOS/5.8 sparc java/1.4.1_03) ... <snip> </pre> </blockquote> While this is not itself a security risk, some organisations would rather not give out such detailed information. To suppress this header, the system property <code>org.mortbay.http.Version.paranoid</code> needs to be set to true: <pre> java -Dorg.mortbay.http.Version.paranoid=true ... </pre>