Hello all,
As the topic says, even with the option enable Server Configuration > General-> General Settings - Server Signature = Hide Full Header I still can see the ''sever'' header being shows as LiteSpeed.
Hers is the output from curl command (I replaced my actual website with mywebsite.com):
curl -I https://wemybsite.com
HTTP/2 200
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
link: <https://wemybsite.com/wp-json/>; rel="https://api.w.org/"
link: <https://wemybsite.com/wp-json/wp/v2/pages/2025>; rel="alternate"; type="application/json"
link: <https://wemybsite.com/>; rel=shortlink
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests;connect-src *
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
permissions-policy: geolocation=(self)
set-cookie: __Host-sess=123; path=/; Secure; HttpOnly; SameSite=Strict
access-control-allow-origin: https://wemybsite.com
access-control-allow-methods: GET, POST, HEAD, OPTIONS
etag: "43792763-1704547239;;;"
x-qc-cache: miss
date: Sat, 06 Jan 2024 13:20:39 GMT
server: LiteSpeed
x-qc-pop: EU-DE-BER-390
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
I can see the same results from the https://securityheaders.com/ for example.
The service has been restarted (LSWS), even I rebooted the Linux server and cleared the LSWS Cache (purged all), but I can still see this header.
I am using OpenLiteSpeed + Quick.cloud the my domain in question.
As the topic says, even with the option enable Server Configuration > General-> General Settings - Server Signature = Hide Full Header I still can see the ''sever'' header being shows as LiteSpeed.
Hers is the output from curl command (I replaced my actual website with mywebsite.com):
curl -I https://wemybsite.com
HTTP/2 200
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
link: <https://wemybsite.com/wp-json/>; rel="https://api.w.org/"
link: <https://wemybsite.com/wp-json/wp/v2/pages/2025>; rel="alternate"; type="application/json"
link: <https://wemybsite.com/>; rel=shortlink
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests;connect-src *
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
permissions-policy: geolocation=(self)
set-cookie: __Host-sess=123; path=/; Secure; HttpOnly; SameSite=Strict
access-control-allow-origin: https://wemybsite.com
access-control-allow-methods: GET, POST, HEAD, OPTIONS
etag: "43792763-1704547239;;;"
x-qc-cache: miss
date: Sat, 06 Jan 2024 13:20:39 GMT
server: LiteSpeed
x-qc-pop: EU-DE-BER-390
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
I can see the same results from the https://securityheaders.com/ for example.
The service has been restarted (LSWS), even I rebooted the Linux server and cleared the LSWS Cache (purged all), but I can still see this header.
I am using OpenLiteSpeed + Quick.cloud the my domain in question.
