Remove the HTTP Server header in Jetty 9

Question

This is how you hide the server version in Jetty 8:

Server server = new Server(port);
server.setSendServerVersion(false);

How do you do it

Answer 1

Some security analysis software will flag sending the server version in the response header as an issue.

OP was looking for solution for embedded, but if your Jetty deployment uses the server.ini file, you can simply set jetty.send.server.version=false

Answer 2

If you use jetty9 as a standalone server you can disable the server signature by setting jetty.httpConfig.sendServerVersion=false in the file start.ini.

Answer 3

in jetty9.2, change this config to false in start.ini

# should jetty send the server version header?
jetty.send.server.version=true

Answer 4

In Jetty 9, you need to configure it on HttpConfiguration:

HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSendServerVersion( false );
HttpConnectionFactory httpFactory = new HttpConnectionFactory( httpConfig );
ServerConnector httpConnector = new ServerConnector( server,httpFactory );
server.setConnectors( new Connector[] { httpConnector } );

Answer 5

Lambda-style variant of Jacob's solution (which worked for me):

final Server server = new Server(port);
Stream.of(server.getConnectors()).flatMap(connector -> connector.getConnectionFactories().stream())
            .filter(connFactory -> connFactory instanceof HttpConnectionFactory)
            .forEach(httpConnFactory -> ((HttpConnectionFactory)httpConnFactory).getHttpConfiguration().setSendServerVersion(false));

Answer 6

If worked out some code that seems to work. Not sure if its right, but at least it works (:

Server server = new Server(port);
for(Connector y : server.getConnectors()) {
    for(ConnectionFactory x  : y.getConnectionFactories()) {
        if(x instanceof HttpConnectionFactory) {
            ((HttpConnectionFactory)x).getHttpConfiguration().setSendServerVersion(false);
        }
    }
}