SECTION: 400-Security
TITLE: versionHeader
QUESTION: Can I suppress the server version header?
By default, the Jetty server includes some version information in it's response
headers:
<blockquote>
<pre>
HTTP/1.1 200 OK
Date: Wed, 31 Mar 2004 03:46:50 GMT
Content-Type: text/html;charset=ISO-8859-1
Server: Jetty/4.2.7 (SunOS/5.8 sparc java/1.4.1_03)
...
<snip>
</pre>
</blockquote>
While this is not itself a security risk, some organisations would rather not give
out such detailed information. To suppress this header, the system property
<code>org.mortbay.http.Version.paranoid</code> needs to be set to true:
<pre>
java -Dorg.mortbay.http.Version.paranoid=true ...
</pre>
