Hacker News new | past | comments | ask | show | jobs | submit login

Caddy is great. My only complaint is they insist on sending a:

    Server: caddy
Header that is impossible to turn off since it's hardcoded here: https://github.com/caddyserver/caddy/blob/master/modules/cad...

The developer's annoying response is "it doesnt improve privacy or security, so we won't give you the option to remove it".




It's not impossible to turn off. NGINX does this too, but you have to recompile NGINX to disable that header.

With Caddy, you just need:

    header -Server
in your config.


This doesnt work for http redirects to https. I couldn't find any way to disable the server header in those responses without patching.


They insist on adding it to the standard response path, but they're happy for you to remove it:

    header -Server
However as this isn't global configuration it'll tend to pop back up in implicit configs like HTTP redirects and error handling if not overridden.


Is it possible to disable it on http redirects? I haven't found any way to do that




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: