Remove X_POWERED_BY Header in JBoss EAP6

First you have to disable it in standalone.xml by adding jsp-configuration x-powered-by="false". Here is the relevant part of my config:

<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
  <virtual-server name="default-host" enable-welcome-root="false">
    <alias name="localhost"/>
  </virtual-server>
  <configuration>
    <jsp-configuration x-powered-by="false"/>
  </configuration>
</subsystem>

Or with the CLI:

/subsystem=web/configuration=jsp-configuration:write-attribute(name=x-powered-by,value=false)

In a JSF application you have to add the following context param:

<context-param>
    <param-name>com.sun.faces.sendPoweredByHeader</param-name>
    <param-value>false</param-value>
</context-param>

Then start your server and the header should be gone.
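To confirm that both settings described above are actually in place before deploying, the following added example (not part of the original post) audits a standalone.xml and a web.xml for them. The function names and sample documents are constructed for illustration, and a missing setting is reported as "not disabled" on the assumption that the header is sent unless it is explicitly turned off.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # ElementTree reports tags as '{namespace}name'; keep only the name.
    return tag.rsplit("}", 1)[-1]

def jsp_header_disabled(standalone_xml):
    """True only if a jsp-configuration element sets x-powered-by="false"."""
    for el in ET.fromstring(standalone_xml).iter():
        if _local(el.tag) == "jsp-configuration":
            # Assumption: an absent attribute means the header is still sent.
            return el.get("x-powered-by", "true").strip().lower() == "false"
    return False

def jsf_header_disabled(web_xml):
    """True only if com.sun.faces.sendPoweredByHeader is set to false."""
    for param in ET.fromstring(web_xml).iter():
        if _local(param.tag) != "context-param":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in param}
        if fields.get("param-name") == "com.sun.faces.sendPoweredByHeader":
            return fields.get("param-value", "").lower() == "false"
    return False

def audit(standalone_xml, web_xml):
    """Return one finding per setting that is missing or not false."""
    findings = []
    if not jsp_header_disabled(standalone_xml):
        findings.append("standalone.xml: jsp-configuration x-powered-by is not false")
    if not jsf_header_disabled(web_xml):
        findings.append("web.xml: com.sun.faces.sendPoweredByHeader is not false")
    return findings

# Constructed sample inputs (not taken from a real server).
HARDENED_STANDALONE = """<server><profile>
<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
  <configuration><jsp-configuration x-powered-by="false"/></configuration>
</subsystem></profile></server>"""
UNCHANGED_STANDALONE = """<server><profile>
<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false"/>
</profile></server>"""
HARDENED_WEB = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><context-param>
  <param-name>com.sun.faces.sendPoweredByHeader</param-name>
  <param-value>false</param-value>
</context-param></web-app>"""
UNCHANGED_WEB = '<web-app xmlns="http://java.sun.com/xml/ns/javaee"/>'

if __name__ == "__main__":
    print("hardened: ", audit(HARDENED_STANDALONE, HARDENED_WEB) or "ok")
    print("unchanged:", audit(UNCHANGED_STANDALONE, UNCHANGED_WEB))
```

A clean audit only shows the configuration is correct on disk; checking the response headers of the running server remains the final confirmation.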
