Removing http headers in Apache2

michael picture michael · Dec 16, 2010 · Viewed 17.8k times · Source

On an Apache2.2.9 hosted site, I would like to remove the headers below.

Date Thu, 16 Dec 2010 17:49:45 GMT Server Apache Keep-Alive timeout=15, max=92 Connection Keep-Alive

Let me preempt the discussion on whether or not it it right/legal/nice to remvoe Server and Date: I have read the standard and I still want to do it. The bytes saved are significant (average response size is ~200B).

In my site.conf (last load from apache2.conf) I have tried this with no success:

    Header unset Date
    Header unset Server
    Header unset Connection 
    Header unset Keep-Alive

Other Header unset directives do work (so mod_headers is loaded).

Answer

erloewe picture erloewe · Feb 8, 2011

Have you noticed this bug report? The inability to unset certain headers is a design issue in Apache. The patch attached contains a way to remove the Server header. Looking at it briefly it seems that lobotomizing the rest of the unwanted default included headers can be done at modules/http/http_filters.c, around line 1000...