You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the server seems to answer every request with the exact version of falcon that served the request: server: falcon/0.19.5. I do get that you guys are (rightfully!) proud of your work, but I would strongly prefer to not advertise that my application uses a specific version of your product. At the very least I see no reason to make things easier for automated malware frameworks in case of possible security issues. Maybe you could at least add an option to suppress the exact version?
The text was updated successfully, but these errors were encountered:
The reason for that header is according to the RFC.
That being said, we could certainly have an option to skip it or maybe remove it entirely. Honestly, it doesn't add very much and you are right it's a vector for fingerprinting.
Currently the server seems to answer every request with the exact version of falcon that served the request:
server: falcon/0.19.5
. I do get that you guys are (rightfully!) proud of your work, but I would strongly prefer to not advertise that my application uses a specific version of your product. At the very least I see no reason to make things easier for automated malware frameworks in case of possible security issues. Maybe you could at least add an option to suppress the exact version?The text was updated successfully, but these errors were encountered: