Our Information Security group is asking us to restrict information in the http response headers, such as internal IP addresses, internal FQDN, server version or frameworks being used.
We have Confluence setup in an evaluation environment using the built in database Tomcat web server.
I'm guessing this needs to be configured in web.xml under
C:\Program Files\Atlassian\Confluence\conf/web.xml?
Any help would be appreciated.
