1. Caddy version (caddy version
):
v2.4.3
2. How I run Caddy:
systemctl start caddy
a. System environment:
Platform: Linux 5.10.60-1-lts
Distribution: Arch Linux
Service Manager/Init: systemd
c. Service/unit/compose file:
No Docker, and using default unit file package by Arch Linux.
d. My complete Caddyfile or JSON config:
shaarli.example.org {
root * /var/www/shaarli
php_fastcgi 127.0.0.1:9000
file_server
encode zstd gzip
header {
Server Pineapple
Strict-Transport-Security max-age=31536000;
Content-Security-Policy default-src 'self';
Permissions-Policy interest-cohort=()
vary Accept-Encoding
X-Content-Type-Options nosniff
X-UA-Compatible "IE=Edge"
X-Frame-Options DENY
X-Download-Options noopen
X-XSS-Protection 1; mode=block;
X-Powered-By MutantMonkeys
}
}
3. The problem I’m having:
I’m hosting a PHP project, and would like to hide the X-Powered-By header that PHP sets. The issue I’m experiencing isn’t that Caddy is unable to set the X-Powered-By header, but that I get two of these headers: the one set by PHP, and the other by Caddy.
curl sharli.example.org -v outputs:
x-powered-by: MutantMonkeys
x-powered-by: PHP/8.0.10
4. Error messages and/or full log output:
No errors in /var/log/caddy/access.log
5. What I already tried:
In my Caddyfile, under headers
, I have set X-Powered-By MutantMonkeys
6. Links to relevant resources:
A closed issue that is relevant to my question, it dates back to Caddy’s v1 days.