What is your idea?
Hide the entire HTTP Header, or at least the "Server" portion of the HTTP Header of the Web Server so that it does not display the type of server it is running.
What problem are you trying to solve or what scenario would this idea solve?
- Our clients require this security measure on all of our externally facing webservers, which are audited continually for vulnerabilities
- Helps reduce unwanted malware traffic that may use search engines to find vulnerable server types
- The information is not necessary to functionality and doesn't need to be broadcasted for any purpose
- Even if it's only a few bits, that's a few bits-per response/request that won't be added to performance latency
What workaround have you found and used so far (if any)?
Currently we have not found a work around that does not nullify our Tableau Support Agreement or require spinning up additional web\proxy servers to sit in front of it. If our clients insist that this requirement be met we will have to implement a different software solution that allows the security measure to be executed.
What is your role in your organization?
I'm a Systems Administrator.