Remove X_POWERED_BY Header in JBoss EAP6

First you have to disable it in standalone.xml by adding jsp-configuration x-powered-by=”false”. Here┬áthe relevant part of my config:

<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
  <virtual-server name="default-host" enable-welcome-root="false">
    <alias name="localhost"/>
  </virtual-server>
  <configuration>
    <jsp-configuration x-powered-by="false"/>
  </configuration>
</subsystem>

Or with cli:

/subsystem=web/configuration=jsp-configuration:write-attribute(name=x-powered-by,value=false)

In a JSF application you have to add the following context param:

<context-param>
    <param-name>com.sun.faces.sendPoweredByHeader</param-name>
    <param-value>false</param-value>
</context-param>

Then start your server and the header should be gone.

Leave a Reply