Certified Application Security Engineer – Java (CASE-Java) — Question 11
Which of the following configurations can help you avoid displaying the server name in the server response header?
Answer options
- A. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
- B. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName=" disable" redirectPort="8443" />
- C. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server = " " redirectPort="8443" />
- D. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName ="null " redirectPort="8443" />
Correct answer: C
Explanation
Option C is correct because setting Server = " " effectively removes the server name from the response header. Options A, B, and D do not achieve this goal: A does not modify the server name, B attempts to disable it with a ServerName setting that is not supported, and D sets ServerName to 'null', which may still display a server name in the response.