How to prevent Gunicorn from returning a 'Server' http header?

Question

I would like to mask the version or remove the header altogether.

Answer 1

To change the 'Server:' http header, in your conf.py file:

 import gunicorn
 gunicorn.SERVER_SOFTWARE = 'Microsoft-IIS/6.0'

And use an invocation along the lines of gunicorn -c conf.py wsgi:app

To remove the header altogether, you can monkey-patch gunicorn by replacing its http response class with a subclass that filters out the header. This might be harmless, but is probably not recommended. Put the following in conf.py:

from gunicorn.http import wsgi

class Response(wsgi.Response):
    def default_headers(self, *args, **kwargs):
        headers = super(Response, self).default_headers(*args, **kwargs)
        return [h for h in headers if not h.startswith('Server:')]

wsgi.Response = Response

Tested with gunicorn 18

Answer 2

For newer releases (20.0.4): Create a gunicorn.conf.py file with the content below in the directory from where you will run the gunicorn command:

import gunicorn
gunicorn.SERVER_SOFTWARE = 'My WebServer'

Answer 3

This hasn't been clearly written here so I'm gonna confirm that the easiest way for the latest version of Gunicorn (20.1.x) is to add following lines into configuration file:

import gunicorn 
gunicorn.SERVER = 'undisclosed'