diff --git a/server/src/main/resources/application.conf b/server/src/main/resources/application.conf
index e80cd716b4e..3bdacceb8ee 100644
--- a/server/src/main/resources/application.conf
+++ b/server/src/main/resources/application.conf
@@ -8,8 +8,12 @@ akka {
 server {
 request-timeout = 40s
 bind-timeout = 5s
+ # By default, akka includes an HTTP header in responses that looks like:
+ # server=akka-http/10.20.1
+ # For better app sec, we suppress this to make it harder for attackers to learn about our system.
+ # Akka doc: https://doc.akka.io/docs/akka-http/current/configuration.html
+ server-header = ""
 }
-
 client.connecting-timeout = 40s
 # Inspired by https://broadworkbench.atlassian.net/browse/CROM-6738
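Review bot: No test pins the effect of `server-header = ""`, so a later override in another config layer or a renamed key after an Akka HTTP upgrade could bring the version banner back unnoticed; a route test asserting that responses carry no `Server` header would catch that. The key is only read at `akka.http.server.server-header`, and the `akka {` block (and whatever sits between it and `server {`) opens above the hunk, so the nesting should be confirmed there. In the comment, showing the header as it appears on the wire, `# Server: akka-http/<version>`, would be more exact than `server=akka-http/10.20.1`. It may also be worth saying in the comment that this only reduces version fingerprinting and does not replace keeping Akka HTTP patched.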