Hello everyone,
I would like to ask for your support regarding two response headers that appear in our OutSystems application:
server: outsystems
x-envoy-upstream-service-time
Our security team requires us to remove or hide these headers. Could you please advise how we can remove these headers in an OutSystems Cloud environment, or whether this is supported?
Thank you for your help!
@Tuan Duong : Is your OS hosted on premise ?
Envoy is basically a proxy server and x-envoy-upstream-service-time tells us the time spent by the upstream host processing the request and the network latency between Envoy and upstream host ( Reference : https://github.com/envoyproxy/envoy/blob/main/docs/root/configuration/http/http_filters/router_filter.rst )
If you are hosting Envoy on your premise then your network team should be able to disable these headers.
btw I suggest you to reach out OutSystems support for an official answer.
Hi @Siya, We are using ODC, and our Security team requested us to remove the following response headers:
These headers expose platform information, so the Security team wants them removed. Do you know if ODC allows removing or masking these headers? And are there any risks or technical limitations if we remove them?
Thanks!
Thanks for the clarification. I suggest you to reach out to OutSystems support on this case.