WildFly / WFLY-1091

ability to remove the response-header Server:Apache-Coyote/1.1

    • Type: Feature Request
    • Resolution: Obsolete
    • Priority: Major
    • Component: Web (Undertow)

      JBoss AS 7 includes the following HTTP header in every response:

      Server:Apache-Coyote/1.1

      For security issues, it is good to hide this header so attackers cannot easily derive its underlying technology (which, in this case, indicates that Java-Technology/Tomcat is used).

      A possible solution is:

      Invent a new system-property "org.jboss.as.sendServerHeader" which can be set, for example, in standalone.xml:

      <system-properties>
          <property name="org.apache.coyote.http11.Http11Protocol.SERVER" value=""/>
          <property name="org.jboss.as.sendServerHeader" value="false"/>
      </system-properties>

      Note:

      • Leaving the value of "org.apache.coyote.http11.Http11Protocol.SERVER" results in the Server-Header being printed as well, instead of going away. However, with that value I can rename the Server-Header, but not delete it.
      • At first, I thought this was a JSF-Rendering-Issue, so I created an issue here: http://java.net/jira/browse/JAVASERVERFACES-2445, but it turned out that printing the Server-Header is an "application server level concern".

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              nimo22 nimo stephan (Inactive)
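A check that a deployment pipeline could run to confirm the outcome this request asks for, telling a removed Server header apart from one that was only renamed or left blank. This is an added example, not part of the original issue or of any JBoss/WildFly code; the sample responses, the token list and the function names are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "default": "HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nContent-Length: 0\r\n\r\n",
    "renamed": "HTTP/1.1 200 OK\r\nserver: web\r\nContent-Length: 0\r\n\r\n",
    "blank": "HTTP/1.1 200 OK\r\nServer:\r\nContent-Length: 0\r\n\r\n",
    "removed": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

# Product tokens that reveal the stack (assumed list, extend as needed).
KNOWN_TOKENS = ("apache-coyote", "jboss", "tomcat", "undertow", "wildfly")
VERSION_RE = re.compile(r"\d+\.\d+")  # heuristic: anything shaped like a version


def server_values(raw_response):
    """Return every Server header value found in a raw HTTP response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    values = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive, so compare in lower case.
        if sep and name.strip().lower() == "server":
            values.append(value.strip())
    return values


def classify_server_header(raw_response):
    """Classify the header as 'absent', 'blank', 'discloses' or 'opaque'."""
    values = server_values(raw_response)
    if not values:
        return "absent"      # the header is really gone
    joined = " ".join(values).lower()
    if not joined.strip():
        return "blank"       # header still sent, only its value was emptied
    if any(tok in joined for tok in KNOWN_TOKENS) or VERSION_RE.search(joined):
        return "discloses"   # product name or version is visible
    return "opaque"          # renamed: present, but names no known product


def audit(samples):
    """Map each sample name to its classification."""
    return {name: classify_server_header(raw) for name, raw in samples.items()}
```

Only "absent" matches what the request asks for; "blank" and "opaque" mean the header was altered but is still sent.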