https://community.qlik.com/t5/QlikView/Disabling-Server-disclosure-in-the-HTTP-response-header/m-p/445983#M1304837 <HTML><HEAD></HEAD><BODY><P>Hi Angus,</P><P></P><P>there is little benefit in hiding the server details in the response details. It's still possible to determine the WebServer by profiling the responses. If you still want to do this you can disable the header by setting a registry key</P><P><A href="http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" title="http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx">Remove Unwanted HTTP Response Headers - varunm - Site Home - MSDN Blogs</A></P><P></P><P>I'd suggest that you're better off enabling SSL, disabling the insecure protocols and making sure the host is patched.</P><P>On that front be aware that there is a critical bug in HTTP.sys that was published this week. Patch Now!</P><P><A href="https://technet.microsoft.com/library/security/ms15-034" title="https://technet.microsoft.com/library/security/ms15-034">https://technet.microsoft.com/library/security/ms15-034</A></P><P><A href="https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12" title="https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12">https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12</A> (Also works for QVWS)</P><P></P><P></P><P>Cheers,</P><P>Philip</P></BODY></HTML> Thu, 16 Apr 2015 09:39:29 GMT 2015-04-16T09:39:29Z https://community.qlik.com/t5/QlikView/Disabling-Server-disclosure-in-the-HTTP-response-header/m-p/445981#M1304832 <HTML><HEAD></HEAD><BODY><P>Hi folks,</P><P></P><P>is there a way to configure the QlikView webserver so that it doesn't disclose server version information (e.g. "Server: Microsoft-HTTPAPI/1.0") in HTTP response headers?</P><P></P><P>Our security team have identified this as a vulnerability (albeit a low-likelihood one), so I need to at least check if this is possible. </P><P></P><P>Thanks,</P><P></P><P>Angus.</P></BODY></HTML> Mon, 26 Jan 2026 18:19:17 GMT https://community.qlik.com/t5/QlikView/Disabling-Server-disclosure-in-the-HTTP-response-header/m-p/445981#M1304832 gussfish 2026-01-26T18:19:17Z https://community.qlik.com/t5/QlikView/Disabling-Server-disclosure-in-the-HTTP-response-header/m-p/445982#M1304835 <HTML><HEAD></HEAD><BODY><P>You could try using IIS, I bet it's easier to configure to handle that.</P></BODY></HTML> Tue, 22 Jan 2013 23:05:44 GMT https://community.qlik.com/t5/QlikView/Disabling-Server-disclosure-in-the-HTTP-response-header/m-p/445982#M1304835 danielrozental 2013-01-22T23:05:44Z https://community.qlik.com/t5/QlikView/Disabling-Server-disclosure-in-the-HTTP-response-header/m-p/445983#M1304837 <HTML><HEAD></HEAD><BODY><P>Hi Angus,</P><P></P><P>there is little benefit in hiding the server details in the response details. It's still possible to determine the WebServer by profiling the responses. If you still want to do this you can disable the header by setting a registry key</P><P><A href="http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" title="http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx">Remove Unwanted HTTP Response Headers - varunm - Site Home - MSDN Blogs</A></P><P></P><P>I'd suggest that you're better off enabling SSL, disabling the insecure protocols and making sure the host is patched.</P><P>On that front be aware that there is a critical bug in HTTP.sys that was published this week. Patch Now!</P><P><A href="https://technet.microsoft.com/library/security/ms15-034" title="https://technet.microsoft.com/library/security/ms15-034">https://technet.microsoft.com/library/security/ms15-034</A></P><P><A href="https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12" title="https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12">https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12</A> (Also works for QVWS)</P><P></P><P></P><P>Cheers,</P><P>Philip</P></BODY></HTML> Thu, 16 Apr 2015 09:39:29 GMT https://community.qlik.com/t5/QlikView/Disabling-Server-disclosure-in-the-HTTP-response-header/m-p/445983#M1304837 2015-04-16T09:39:29Z