To view header information you can use iehttpheaders utility along with your IE or Mozilla.
http://www.blunck.info/iehttpheaders/iehttpheaders.html -- This is a free utility which can be easily installed on IE or Mozilla.
Once this is installed, activate the utility and try accessing your applications, My web applications lists the header as below,
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Set-Cookie: JSESSIONID=2a7e464c4de0a32e4a6e8addb59919a8af244f235ecc37aa185866437ac9d56b.e3iOb3eMbheMe34Mb30MbxuSa3f0n6jAmljGr5XDqQLvpAe; path=/
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=77909460152,0)
Content-Length: 166
Date: Tue, 10 May 2011 08:02:09 GMT
If you look at header "Server", this lists both Application Server version and Web Cache server version.
To know how to remove Application Server (9iAS/10gAS) follow my article Application Reveals Webserver name and Version in HTTP Response or WebServer Banner NOT Masked.
To remove Web Cache Version from the header information modify webcache.xml under $ORACLE_HOME/webcache directory as specified below.
Under <SECURITY> tag add the following line before the end of tag </SECURITY>
<SERVERTOKENS LEVEL="NONE"/>
Once this parameter is set, restart webcache. Once done check the header information again and you should see the header as below,
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Set-Cookie: JSESSIONID=2a7e464c4de0a32e4a6e8addb59919a8af244f235ecc37aa185866437ac9d56b.e3iOb3eMbheMe34Mb30MbxuSa3f0n6jAmljGr5XDqQLvpAe; path= Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g Oracle-HTTP-Server OracleAS-Web-Cache-10g (N;ecid=77909460152,0)
Content-Length: 166
Date: Tue, 10 May 2011 08:02:09 GMT
To entirely remove "Server" entry from the header
Add the following line at the end of httpd.conf file and restart Apache services.
ServerHeader Off
Once this is done check the header information using iehttpheaders,
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Set-Cookie: JSESSIONID=2a7e464c4de0a32e4a6e8addb59919a8af244f235ecc37aa185866437ac9d56b.e3iOb3eMbheMe34Mb30MbxuSa3f0n6jAmljGr5XDqQLvpAe; path= Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Content-Length: 166
Date: Tue, 10 May 2011 08:02:09 GMT
http://www.blunck.info/iehttpheaders/iehttpheaders.html -- This is a free utility which can be easily installed on IE or Mozilla.
Once this is installed, activate the utility and try accessing your applications, My web applications lists the header as below,
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Set-Cookie: JSESSIONID=2a7e464c4de0a32e4a6e8addb59919a8af244f235ecc37aa185866437ac9d56b.e3iOb3eMbheMe34Mb30MbxuSa3f0n6jAmljGr5XDqQLvpAe; path=/
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=77909460152,0)
Content-Length: 166
Date: Tue, 10 May 2011 08:02:09 GMT
If you look at header "Server", this lists both Application Server version and Web Cache server version.
To know how to remove Application Server (9iAS/10gAS) follow my article Application Reveals Webserver name and Version in HTTP Response or WebServer Banner NOT Masked.
To remove Web Cache Version from the header information modify webcache.xml under $ORACLE_HOME/webcache directory as specified below.
Under <SECURITY> tag add the following line before the end of tag </SECURITY>
<SERVERTOKENS LEVEL="NONE"/>
Once this parameter is set, restart webcache. Once done check the header information again and you should see the header as below,
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Set-Cookie: JSESSIONID=2a7e464c4de0a32e4a6e8addb59919a8af244f235ecc37aa185866437ac9d56b.e3iOb3eMbheMe34Mb30MbxuSa3f0n6jAmljGr5XDqQLvpAe; path= Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g Oracle-HTTP-Server OracleAS-Web-Cache-10g (N;ecid=77909460152,0)
Content-Length: 166
Date: Tue, 10 May 2011 08:02:09 GMT
To entirely remove "Server" entry from the header
Add the following line at the end of httpd.conf file and restart Apache services.
ServerHeader Off
Once this is done check the header information using iehttpheaders,
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Set-Cookie: JSESSIONID=2a7e464c4de0a32e4a6e8addb59919a8af244f235ecc37aa185866437ac9d56b.e3iOb3eMbheMe34Mb30MbxuSa3f0n6jAmljGr5XDqQLvpAe; path= Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Content-Length: 166
Date: Tue, 10 May 2011 08:02:09 GMT
Comments