Remove "server awselb/2.0" header from application responses

1

During a pentest of one of our apps running behind an AWS API GW the report showed that the API GW returns a "server awselb/2.0" header, which is identified as a risk by the pentesters. To my knowledge there is no way to remove/suppress such a header, but perhaps I am missing something? Is this something anybody else has ever faced?

Topics

Serverless Front-End Web & Mobile Networking & Content Delivery

Tags

Amazon API Gateway

niccogiulianelli

asked 2 months ago124 views

1 Answers

NewestMost votesMost comments

0

I am facing the same issue

AWS-User-1125538

answered 2 months ago

Relevant questions

Lambda+ALB vs Lambda+API GW
Accepted Answer
Navin GV
asked 6 months ago
Handel custom header in AWS API Gateway ?
Accepted Answer
rePost-User-8228753
asked 11 days ago
Return Count from Lambda into the "Response Header" of the API
Accepted Answer
Martin V
asked 2 years ago
API GW HTTP API: Cross Account Access via IAM
AWS-User-9158484
asked 11 days ago
secure API GW with WAF
Jess
asked 3 months ago
Create API GW Websocket API that is only accessible from within a VPC.
AWS-User-1922136
asked 2 months ago
Edge optimized API GW
Accepted Answer
AWS-User-5393626
asked a year ago
Protect HTTP Api Gateway with WAF
Jess
asked 3 months ago
Remove "server awselb/2.0" header from application responses
niccogiulianelli
asked 2 months ago
Protect and secure http API GW
Accepted Answer
Jess
asked 3 months ago