I'm not sure which httpd.conf you're looking at, but the one I spy with my little eye in \programdata\tableau\tableau server\data\tabsvc\config does have that module loaded. And I even see a Header command on line 226 of the file being used to add a Platform for Privacy Preferences policy notice (Header append P3P 'CP="Non"')
That policy shows up loud and clear in the Headers when I connect to Tableau in the browser...
That said, touching the file yourself is verboten and changing it generally means support won't assist with problems "as-is" since the product is not tested with "your" changes -- you'd have to put the machine back the way it was, etc. etc.
So, looks like you might be able to do this, but the million dollar question is whether you want to take the risk and put yourself outside of support.
...Realistically, I probably wouldn't bother making the change since I assume anyone who can look in online help or read forums like this will know we run Apache anyway. In my mind the supportability / "I might break something " risk is scarier than a bad guy knowing what web server I'm running.
FYI - I don't see the version of Apache being reported in the headers if that makes you any better
Edit: Just looked more closely at this, and now I see what you're talking about: Server: Tableau coming from individual processes. I also see that most of these suckers have a distinct server.xml config file a little bit further into the filesystem in...\config\<service name>. These xml files contain server=Tableau key / value pairs. For giggles, I changed them on one service to server=foobar and restarted....No change. So it appears additional hunting with a tool like Agent Ransack would need to be done to try and figure this out...
Thanks for your help
The httpd.conf I was looking at is in \Program Files\Tableau\Tableau Server\8.2\apache\conf\original
I am waiting for a verdict on whether the business wants me to wreck the .xml/.conf files, migrate to a different non-Tableau solution, or negotiate with the security directive.
If I end up wrecking .xml/.conf files I'll post with any results I get.