3

I have a problem with an app in Zend Framework (1).

In a specific action I try to remove some headers but in response I still receive those headers:

    $this->getResponse()->clearAllHeaders()
                        ->clearRawHeaders();
    $this->getResponse()->setHeader('A-Header', 'headervalue');

I expect the response to be:

    HTTP/1.1 XXX Some HTTP status code
    A-Header: headervalue

but it is:

    HTTP/1.1 XXX Some HTTP status code
    Date: Sun, 14 Apr 2013 16:26:59 GMT
    Server: Apache/2.2.16 (Debian)
    X-Powered-By: PHP/5.3.3-7+squeeze15
    Vary: Accept-Encoding
    Content-Length: 0
    Content-Type: text/html

How can I delete Date, Server, X-Powered-By, Vary, Content-Length, Content-Type? At least the Content* headers.

Thank you

4
  • In which part of the application do you clear them? Commented Apr 14, 2013 at 17:00
  • Hi zavg. I tried to do this in several points - did that in a specific action, in postDispatch hook, in dispatchLoopShutdown hook. But without success... Commented Apr 14, 2013 at 17:11
  • Why do you want to do this? Apart from X-Powered-By, those headers each serve a purpose. Commented Apr 15, 2013 at 9:43
  • Hello Tim Fountain. I implement an authorization framework and the spec states that only several headers must be present. So I did not understand well if I must strip out other headers... so in doubt I asked. BTW if there is a method (Zend provides it) to remove a header... why can I not remove it? At least the method should return some error code... nothing! Thank you! closing... Commented Apr 15, 2013 at 15:27

1 Answer

7

Those headers are appended by Apache.

You can use mod_headers to control its behavior though:

http://httpd.apache.org/docs/2.2/mod/mod_headers.html

Example:

    <IfModule mod_headers.c>
      Header unset Server
      Header unset X-Powered-By
    </IfModule>

3 Comments

You're gonna need mod_mime and use the RemoveType directive, but I'm not sure it will let you strip off the Date and Content-Length as those are required by HTTP standards.
Also make sure you use ServerSignature Off and ServerTokens Prod.
Thank you. Did what you said and only X-Powered-By is stripped off. Also putting ServerSignature Off and ServerTokens Prod gave me the header Server: Apache. Without specifying what version it is.
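
A check for whether the hardening discussed in this thread took effect, added here as an example and not code from the question or the answer: it parses a response head and flags headers that disclose the server stack. The function names `parse_headers` and `audit` are hypothetical, and the `AFTER` sample is constructed from the result reported in the last comment.

```python
import re

# Headers that exist only to advertise the software stack.
DISCLOSURE_ONLY = {"x-powered-by"}
# Product token with a version, e.g. "Apache/2.2.16" or "PHP/5.3.3-7+squeeze15".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d[\w.+~-]*")

# Response head quoted in the question.
BEFORE = """\
HTTP/1.1 XXX Some HTTP status code
Date: Sun, 14 Apr 2013 16:26:59 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze15
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
"""

# Constructed sample: the same head with the result the last comment reports.
AFTER = BEFORE.replace("Apache/2.2.16 (Debian)", "Apache").replace(
    "X-Powered-By: PHP/5.3.3-7+squeeze15\n", "")


def parse_headers(raw):
    """Return (status_line, [(name, value), ...]) from a raw response head."""
    lines = [ln.strip() for ln in raw.strip().splitlines()]
    pairs = []
    for ln in lines[1:]:
        if not ln:
            break  # a blank line ends the header block
        name, sep, value = ln.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return lines[0], pairs


def audit(raw):
    """Return (header, reason) findings for headers that disclose the stack."""
    findings = []
    for name, value in parse_headers(raw)[1]:
        if name.lower() in DISCLOSURE_ONLY:
            findings.append((name, "advertises the application runtime"))
        elif name.lower() == "server" and VERSION_TOKEN.search(value):
            findings.append((name, "includes a version: " + value))
    return findings


if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```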
