Opened 6 years ago

Closed 6 years ago

#550 closed enhancement (wontfix)

Add method to remove or change deafult headers.

Reported by: Kevin Cox Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.5.x
Keywords: Cc:
uname -a:
nginx -V: nginx version: nginx/1.6.0
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_spdy_module --with-http_ssl_module --with-http_stub_status_module --with-http_addition_module --with-http_degradation_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_sub_module

Description

By default nginx responds with a number of headers, for example I have a response listed below. These are a good set of defaults because they work properly with a large range of clients. However a number of these headers are unnecessary for conforming HTTP 1.1 clients and it would be nice to be able to remove them.

Example Response:

HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Mon, 28 Apr 2014 19:07:11 GMT
Content-Type: text/html
Content-Length: 2820
Last-Modified: Wed, 23 Apr 2014 20:22:58 GMT
Connection: keep-alive
ETag: "53582122-b04"
Accept-Ranges: bytes

For example 'Connection: keep-alive' is not a standard header and it assumed for HTTP 1.1 servers. 'Accept-Ranges: bytes' is unnecessary and some people consider sending a 'Server' bad practice because it can attract automated attacks for known vulnerabilities.

The http_headers_more module can modify and remove some headers but some are always set by the server. It would be nice to have a solution that can modify *any* header.

Change History (1)

comment:1 by Maxim Dounin, 6 years ago

Resolution: wontfix
Status: newclosed

There are no plans to add an ability to modify any header.

Note: See TracTickets for help on using tickets.