Ronnie Overby

Reputation: 46470

HTTP Response Header to identify actual server that responded to request

I was about to add an HTTP header to all responses in our web application that would identify which physical node behind our load balancer has serviced the request.

I thought maybe there's a standard (or de facto standard) header that has been traditionally used for this purpose.

Is there?

Upvotes: 2

Views: 1192

Answers (1)

Chris Cain

Reputation: 666

One potential response header you could use is the "Server" header. By RFC 2616, we can see that it's used to identify the software and any sub-products being used to handle the request, and it should not be mutated by any proxies/load balancers between the server and the client.

Typically this shows information some suggest is sensitive (name & version number of the HTTP server). Many suggest removing the Server header entirely to improve security (see this Stack Overflow question about someone doing this).

You could almost view this as killing two birds with one stone: giving you some way of identifying the server used to process requests on your side and lightly obfuscating the server for attackers, satisfying certain security concerns (though, FWIW, I'm not convinced of the value of this from a security perspective, but it's worth mentioning).

Upvotes: 2
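The approach described in the answer above, as an added example that is not part of the original post or written by either poster: a WSGI middleware that overwrites `Server` with an opaque per-node tag, plus the operator-side lookup that maps a tag back to a node. The HMAC-derived tag, the key, the hostnames and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import socket


def node_tag(hostname, key):
    """Opaque, stable per-node label: truncated HMAC-SHA256 of the hostname."""
    return hmac.new(key, hostname.encode("utf-8"), hashlib.sha256).hexdigest()[:12]


class NodeServerHeader:
    """WSGI middleware: drop any existing Server header, emit the node tag instead."""

    def __init__(self, app, key, hostname=None):
        self.app = app
        self.value = "node-" + node_tag(hostname or socket.gethostname(), key)

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            # Header names are case-insensitive; remove product/version strings.
            kept = [(k, v) for k, v in headers if k.lower() != "server"]
            kept.append(("Server", self.value))
            return start_response(status, kept, exc_info)
        return self.app(environ, patched)


def resolve_tag(header_value, fleet, key):
    """Operator side: map a Server header value back to a hostname in the fleet."""
    for host in fleet:
        if "node-" + node_tag(host, key) == header_value:
            return host
    return None


def demo():
    key = b"constructed-demo-key"  # constructed; keep the real key out of source
    fleet = ["web-01.internal.example", "web-02.internal.example"]  # constructed

    def app(environ, start_response):
        # Constructed inner app that leaks a product name and version.
        start_response("200 OK", [("Content-Type", "text/plain"),
                                  ("Server", "ExampleHTTPD/1.2.3")])
        return [b"ok"]

    captured = {}
    wrapped = NodeServerHeader(app, key, hostname=fleet[1])
    body = b"".join(wrapped({}, lambda s, h, e=None: captured.update(headers=h)))
    server = dict(captured["headers"])["Server"]
    return body, server, resolve_tag(server, fleet, key)
```

A WSGI server or reverse proxy in front of the application may still add its own `Server` header, which has to be configured there.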
