Configure Web Container

Remove HTTP header x-powered-by: Servlet 3.0

One security best practice is to disclose as little as possible about the software that runs your service. This prevents, or at least makes it harder for, someone to search for known exploits against it.

Each WebSphere Application Server adds the HTTP header 'x-powered-by' to every response, so it is easy to find out that WebSphere is used in the backend.

To remove this header, add the following custom property to the Web Container of each application server (Application Server > Web Container):

com.ibm.ws.webcontainer.disablexPoweredBy: true

Or you can use the script ibmcnx/config/WebContainerSec.py to add this property to each of your application servers.
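As an added illustration of what such a change looks like in wsadmin (Jython), the sketch below sets the property on every Web Container and skips servers that already have it. It is not the ibmcnx script and not code from this page; the function names are hypothetical, and it assumes the property config IDs returned by AdminConfig contain no spaces.

```python
# Added example for wsadmin -lang jython; NOT ibmcnx/config/WebContainerSec.py.
PROP = 'com.ibm.ws.webcontainer.disablexPoweredBy'

def harden_web_container(cfg, wc_id):
    """Set PROP=true on one WebContainer; return 'created', 'updated' or 'ok'."""
    raw = cfg.showAttribute(wc_id, 'properties')   # e.g. "[(id1) (id2)]" or "[]"
    # Assumption: property config IDs contain no spaces, so split() is safe.
    for prop_id in raw.strip()[1:-1].split():
        if cfg.showAttribute(prop_id, 'name') == PROP:
            if cfg.showAttribute(prop_id, 'value').lower() == 'true':
                return 'ok'                        # already set, nothing to do
            cfg.modify(prop_id, [['value', 'true']])
            return 'updated'
    cfg.create('Property', wc_id, [['name', PROP], ['value', 'true']])
    return 'created'

def harden_all(cfg):
    """Apply the property to every WebContainer in the cell; return {id: result}."""
    results = {}
    for wc_id in cfg.list('WebContainer').splitlines():
        wc_id = wc_id.strip()
        if wc_id:
            results[wc_id] = harden_web_container(cfg, wc_id)
    return results

try:
    _cfg = AdminConfig        # this global exists only inside wsadmin
except NameError:
    _cfg = None
if _cfg is not None:
    outcome = harden_all(_cfg)
    for wc in outcome.keys():
        print('%s: %s' % (outcome[wc], wc))
    if [r for r in outcome.values() if r != 'ok']:
        _cfg.save()           # persist the change to the master configuration
```

After saving, synchronize the nodes and restart the application servers, then confirm that responses no longer carry the x-powered-by header.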