Details
The xPoweredBy setting determines if Apache Tomcat will advertise its presence via the XPowered-By HTTP header. It is recommended that this value be set to false. The server attribute overrides the default value that is sent down in the HTTP header further masking Apache Tomcat.
Solution
1. Add the xPoweredBy attribute to each Connector specified in $CATALINA_HOME/conf/server.xml. Set the xPoweredBy attributes value to false.
Alternatively, ensure the xPoweredBy attribute for each Connector specified in $CATALINA_HOME/conf/server.xml is absent.
2. Add the server attribute to each Connector specified in $CATALINA_HOME/conf/server.xml. Set the server attribute value to anything except a blank string.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.