Opened 11 years ago
Closed 11 years ago
#550 closed enhancement (wontfix)
Add method to remove or change deafult headers.
Reported by: | Kevin Cox | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.5.x |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: |
nginx version: nginx/1.6.0
TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_spdy_module --with-http_ssl_module --with-http_stub_status_module --with-http_addition_module --with-http_degradation_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_sub_module |
Description
By default nginx responds with a number of headers, for example I have a response listed below. These are a good set of defaults because they work properly with a large range of clients. However a number of these headers are unnecessary for conforming HTTP 1.1 clients and it would be nice to be able to remove them.
Example Response:
HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Mon, 28 Apr 2014 19:07:11 GMT
Content-Type: text/html
Content-Length: 2820
Last-Modified: Wed, 23 Apr 2014 20:22:58 GMT
Connection: keep-alive
ETag: "53582122-b04"
Accept-Ranges: bytes
For example 'Connection: keep-alive' is not a standard header and it assumed for HTTP 1.1 servers. 'Accept-Ranges: bytes' is unnecessary and some people consider sending a 'Server' bad practice because it can attract automated attacks for known vulnerabilities.
The http_headers_more module can modify and remove some headers but some are always set by the server. It would be nice to have a solution that can modify *any* header.
There are no plans to add an ability to modify any header.