Remove HTTP Response headers in Java

Asked 2/5, 2013 at 13:40 Answered 24/6, 2015 at 8:41

Is there a way to remove HTTP response headers like Server and X-Powered-By?

My application is using a Weblogic server. I'm programming in Java using the Spring MVC framework and Hibernate, and using JSP for views.

Clisthenes answered 2/5, 2013 at 13:40 Comment(1)

What comes to my mind is write a Filter to deal with this – Richella 2/5, 2013 at 13:45

Depends on where the headers are added. If inside your app, you can use a Spring MVC Interceptor to remove them after your controller calls. If outside your app, you might be able to try a Java EE filter configured in web.xml (the example is security, but the approach will also work for your use case). If its added after that, you may want to look at your web front end (Apache, IIS, what-have-you) to configure a filter there.

UPDATE

This answer describes an approach for removing specific headers, as the HttpServletResponse interface does not allow for header removal explicitly. You will need some trial and error to determine what portion of your stack is adding the header.

Dormer answered 3/5, 2013 at 14:45 Comment(3)

headers I mentioned are not added explicitly. They are showing up in the response. Need to explicitly block them from showing to user for security purposes – Clisthenes 4/5, 2013 at 11:26

I updated. Regardless of whether it is added explicitly, you will need to determine where it's being set as a side effect. – Dormer 6/5, 2013 at 13:20

please help me on #20421829 – Matrimonial 6/12, 2013 at 11:0

If you set concrete responseHeader to null it will be removed / not seen in response headers.

Sociality answered 24/6, 2015 at 8:41 Comment(0)

Recommended topics

Hot tags