HTTP Headers can specify the underlying technology used by an application.
Attackers are able to perform reconnaissance on a website using these response headers.
Some headers can be used to target attacks on specific known vulnerabilities associated with the underlying technology.
Removing certain headers will prevent your application from being targeted for specific exploits by undetermined attackers.Enhanced feature with Artica v4.50 Service Pack 1 or Artica v4.50 Hotfix 20231114-23
- By default, Artica removes a dozen of the best-known headers, which is why the "header removal rules" entry displays 10 rules.
- Click on the "header removal rules" row
- If the “Default Rules” option is active.
You can view the default rules.
You cannot delete them unless you click on the button at the top left, which will remove all default rules.
- That doesn't mean you can't create your own rules.
To do so, use the "New rule" button to add unwanted headers. - Header value is case insensitive, you don't need to scrupulously respect character formatting
