"server" headers still showing even after checking the option Server Signature = Hide Full Header

#1
Hello all,

As the topic says, even with the option enable Server Configuration > General-> General Settings - Server Signature = Hide Full Header I still can see the ''sever'' header being shows as LiteSpeed.

Hers is the output from curl command (I replaced my actual website with mywebsite.com):

curl -I https://wemybsite.com
HTTP/2 200
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
link: <https://wemybsite.com/wp-json/>; rel="https://api.w.org/"
link: <https://wemybsite.com/wp-json/wp/v2/pages/2025>; rel="alternate"; type="application/json"
link: <https://wemybsite.com/>; rel=shortlink
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests;connect-src *
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
permissions-policy: geolocation=(self)
set-cookie: __Host-sess=123; path=/; Secure; HttpOnly; SameSite=Strict
access-control-allow-origin: https://wemybsite.com
access-control-allow-methods: GET, POST, HEAD, OPTIONS
etag: "43792763-1704547239;;;"
x-qc-cache: miss
date: Sat, 06 Jan 2024 13:20:39 GMT
server: LiteSpeed
x-qc-pop: EU-DE-BER-390
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

I can see the same results from the https://securityheaders.com/ for example.

The service has been restarted (LSWS), even I rebooted the Linux server and cleared the LSWS Cache (purged all), but I can still see this header.
I am using OpenLiteSpeed + Quick.cloud the my domain in question.
 

Cold-Egg

Administrator
#2
Because it is returned by the Quic Cloud server, not from the origin server. If you bypass the CDN, then you should see the difference.
 
#3
Because it is returned by the Quic Cloud server, not from the origin server. If you bypass the CDN, then you should see the difference.
Ohh OK. I guess it would be a good option if some of the headers could be overwritten, but this shroud be addressed to QuickCloud CDN I guess.

Thank you.
 
Top