Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
faical
Staff
Staff

Created on ‎03-28-2025 06:39 AM Edited on ‎03-31-2025 04:12 AM By Community Manager

Article Id 385256

Technical Tip: How to delete HTTP headers with server information

Description

The article explains how to delete any details pointing to a web server name and type.
Scope

FortiWeb.
Solution

FortiWeb can be configured to remove an HTTP header by using a URL Rewriting Policy.

In most cases, details about the server end are set on the headers like 'Server' and 'X-Powered-By' which can be configured on the URL Rewriting Rule as shown below:

 

delete_header.png

 

The filter of the URL Rewriting Policy/Rule can be the HTTP Host (in this example Server IP, but in general a domain name can be used depending on how Web Server is accessed).

 

Notes:

  • URL Rewriting Policy/Rule should be applied to the Policy/Web Protection Profile.
  • 'Remove Duplicate Headers' to be enabled as some Web Servers return multiple 'X-Powered-By' headers.

 

Related document:
Rewriting & redirecting
605
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.