Suppressing Outgoing Headers

You can configure the proxy server to remove outgoing headers from the request, usually for security reasons. For example, you might want to prevent the From header from going out because it reveals the user’s email address. Or, you might want to filter out the user-agent header so external servers cannot determine what web browsers your organization uses. You may also want to remove logging or client-related headers that are to be used only in your intranet before a request is forwarded to the Internet.

This feature does not affect headers that are specially handled or generated by the proxy itself or that are necessary to make the protocol work properly, such as If-Modified-Since and Forwarded.

The forwarded header originating from a proxy is not a security problem. The remote server can detect the connecting proxy host from the connection. In a proxy chain, a forwarded header coming from an inner proxy can be suppressed by an outer proxy. Setting your servers up this way is recommended when you do not want to have the inner proxy or client host name revealed to the remote server.

To Suppress Outgoing Headers

1. Access the Server Manager, and click the Filters tab.

2. Click the Suppress Outgoing Headers link.

   The Suppress Outgoing Headers page is displayed.

3. Type a comma-separated list of request headers to be suppressed in the Suppress Headers text box.

4. Click Restart Required.

   The Apply Changes page is displayed.

5. Click the Restart Proxy Server button to apply the changes.