Removing HTTP server header from CloudFront response headers

Atit Shah
Feb 12, 2024

This article covers a common client request: removing the Server header from the response headers that CloudFront returns.

Although at present it is not possible to remove the Server header completely, there are two ways to mask the server information: set the header value to None or any custom value using a CloudFront Function, or use a response headers policy to remove the Server header, in which case CloudFront automatically adds 'Server: CloudFront' to the viewer response. Below are the steps to mask the Server header in the response.

1. Use the Response header policy:

Add the Server header under the Remove header section of the policy. This section lists the headers that CloudFront removes from the responses it receives from the origin, so that they are not included in the responses CloudFront sends to the viewer.

You can use a response headers policy to remove the Server and Date headers that CloudFront received from the origin so that these headers (as received from the origin) are not included in the responses that CloudFront sends to viewers.

However, if you do that, CloudFront adds its version of these headers to responses that it sends to viewers. For the Server header that CloudFront adds, the header’s value is CloudFront.

2. Add Custom Header Using Response Header Policy:

Add a custom header to the response header policy and select Origin Override. Use the value you want to mask the server header with. This option will override the header from the origin with the value of the header configured on the Response Header Policy.
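The introduction mentions masking the value with a CloudFront Function, but the steps above only cover the response headers policy. The following is an added example, not code from the original article: a function for the viewer-response event that overwrites the Server header. `MASK_VALUE` and the `simulate` helper with its constructed event are assumptions for illustration.

```javascript
// CloudFront Function for the viewer-response event (added example).
// MASK_VALUE is an assumed placeholder; set it to the value viewers should see.
var MASK_VALUE = 'None';

function handler(event) {
    var response = event.response;
    var headers = response.headers;

    // Header names in the CloudFront Functions event object are lowercase.
    // Assigning here replaces whatever the origin sent, for example a
    // product name and version string, with the masked value.
    headers['server'] = { value: MASK_VALUE };

    return response;
}

// Local dry run only; omit when deploying. The event below is constructed
// sample data shaped like a viewer-response event, not captured traffic.
function simulate() {
    var event = {
        version: '1.0',
        context: { eventType: 'viewer-response' },
        response: {
            statusCode: 200,
            statusDescription: 'OK',
            headers: {
                'server': { value: 'nginx/1.18.0 (Ubuntu)' },
                'content-type': { value: 'text/html' }
            }
        }
    };
    return handler(event);
}
```

After associating the function with the distribution's viewer response event, confirm the result by inspecting the Server header in a response fetched through the CloudFront domain rather than directly from the origin.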
