Hi all,
I’ve been using Kong for the last couple of years without issues.
Currently running version 2.4.1 in db-less mode with Docker.
I’d like to remove the Kong headers to give less information to possible attackers but when following the documentation and disable them by setting the environment variable KONG_HEADERS
to off
.
This works however I see now in my Grafana Kong dashboard that the latency of the responses has increased around 100ms.
Is this the expected behavior? I didn’t think removing the headers could be so expensive…
On the other side, I’d also like to disable the Server
header in Kong but I see that in nginx-kong.conf
its enabled with proxy_pass_header Server;
Can this be achieved without issuing the Response Transformer plugin?
Thanks!