[racket] Web server "Server" header

From: Gregory Woodhouse (gregwoodhouse at me.com)
Date: Tue Apr 12 14:38:42 EDT 2011

The relevant section is 14.38:

14.38 Server

   The Server response-header field contains information about the
   software used by the origin server to handle the request. The field
   can contain multiple product tokens (section 3.8) and comments
   identifying the server and any significant subproducts. The product
   tokens are listed in order of their significance for identifying the

       Server         = "Server" ":" 1*( product | comment )


       Server: CERN/3.0 libwww/2.17

   If the response is being forwarded through a proxy, the proxy
   application MUST NOT modify the Server response-header. Instead, it
   SHOULD include a Via field (as described in section 14.45).

      Note: Revealing the specific software version of the server might
      allow the server machine to become more vulnerable to attacks
      against software that is known to contain security holes. Server
      implementors are encouraged to make this field a configurable

On Apr 12, 2011, at 6:28 AM, Jay McCarthy wrote:

> A few thoughts...
> Is it an error to not include this header? I'm not interested in the
> subtle advertising to log readers, so it doesn't really matter to me
> what is says.
> What's the behavior when there are two Server headers? Because you can
> just as easily pass another one in the optional header list.
> I don't like the idea of a parameter or another field in the response
> data structure, but maybe I should just add an optional argument to
> response/xexpr and then remove the automatic insertion in the code you
> quote.
> Jay

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.racket-lang.org/users/archive/attachments/20110412/850c646d/attachment.html>

Posted on the users mailing list.