Skip to Main Content
Customer Feedback

We love feedback from you on our products and the problems in your daily work that you would like us to solve. Please describe the challenge you're encountering and your desired outcome. Be as detailed as possible.

For technical issues or bugs please head to Support or our Developer Community. You can assign up to 20 votes in total. Thank you for your feedback.

Status explanation: 'Future Consideration' = Continuing to collect further feedback, not planned at this time. 'Investigating' = Prioritized for deeper customer and feasibility investigations ahead of planning development.

Status Will not implement
Created by Guest
Created on Sep 19, 2023

Remove Server Name values from Response Headers on DXP Environments

As a Website Security Analyst, we want to prevent information relating to the server name being leaked on the website via the response headers so that we can prevent attackers from gaining a greater understanding of the environment which our website applications and using this information to potentially launch attacks.

Currently, on Optimizely DXP websites, when accessing the response headers for a website, the server name value "Cloudflare" is shown in the response header which leaks this information.

Can this be fixed/looked into please. This has been highlighted in a penetration site audit on our sites which has a urgent deadline to be resolved.

If you have any questions, please let me know

Kind Regards