
Ask HN: Looking for more to strip from HTTP headers - DamonHD
I&#x27;m working on trying to ensure that the first TCP frame has some usable renderable real content for the user to read, and so far (having put my HTML head on a diet) have stripped down my HTTP response headers to this typical example:<p><pre><code>  Date: Sat, 15 Jul 2017 20:33:45 GMT
  Server: Apache
  Vary: Accept-Encoding
  Last-Modified: Sat, 15 Jul 2017 17:07:04 GMT
  Etag: &quot;1f4389-1995-5545e31eba047&quot;
  Content-Length: 6549
  Cache-Control: max-age=1382400
  Expires: Mon, 31 Jul 2017 20:33:45 GMT
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text&#x2F;html
  Content-Encoding: gzip

</code></pre>
What of those are likely to to be redundant or not useful for modern browsers (ignoring Content-* and Vary)?  I can&#x27;t get rid of Date or Server entirely; my Apache 2.2 (on my RPi) won&#x27;t let me it seems.<p>Sticking with HTTP&#x2F;1.1 over HTTP for now.
======
bl4k3
Hi Damon,

Here is a link to mod_core serversignature documentation:

[http://httpd.apache.org/docs/2.2/mod/core.html#serversignatu...](http://httpd.apache.org/docs/2.2/mod/core.html#serversignature)

Disable by placing at the bottom of your core http configuration file:

ServerSignature Off

If this doesn't work after a restart, then it's being overwritten.

Override hierarchical context for ServerSignature in Apache 2.2 is:

server config, virtual host, directory, .htaccess

Find the config file for each level and search for "ServerSignature".

If you still don't find it to work, try looking in mod_security conf files or
security conf files.

Let me know if this doesn't work. Good luck.

~~~
DamonHD
Thanks for your comment: I only just saw it!

I did manage to make further inroads and get the HTTP overhead down to ~290
bytes total.

------
DamonHD
More on the work-in-progress here:

[http://m.earth.org.uk/note-on-site-
technicals.html](http://m.earth.org.uk/note-on-site-technicals.html)

