Sonatype's server products, including Sonatype Nexus Repository and Sonatype IQ Server, include a Server response header in their HTTP responses. This header contains the product name and version.
Some users have asked why Sonatype doesn't provide an option to disable this header, especially from a security perspective.
Sonatype considers the Server response header a valuable aid in supporting its products: the header provides useful information for troubleshooting and support. Note that even if the Server header is removed or its value is changed to something more obscure, there are almost limitless other ways to determine whether a specific application is running on an exposed port and which version it is. Therefore, removing the header on security-through-obscurity grounds does not outweigh the benefits Sonatype sees in retaining it.
What Can You Do?
While Sonatype does not provide an option to disable the Server response header within its products, it is possible to remove or modify this header at the reverse proxy level if your organization requires it.
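As an added example (not part of the Sonatype article or Sonatype's own configuration), the following nginx reverse-proxy configuration hides the upstream Server header and trims nginx's own to the bare product name. The upstream address and port, the hostname and the certificate paths are assumptions.

```nginx
# Added example (not Sonatype's configuration): nginx reverse proxy in front of
# Sonatype Nexus Repository. Assumptions: Nexus listens on 127.0.0.1:8081 and the
# proxy serves TLS for repo.example.com (certificate paths are placeholders).

# Trim nginx's own Server header from "nginx/<version>" to "nginx".
# Removing it entirely needs a third-party module such as headers-more
# (more_clear_headers 'Server';), which is not shown here.
server_tokens off;

upstream nexus {
    server 127.0.0.1:8081;
}

server {
    listen 443 ssl;
    server_name repo.example.com;

    ssl_certificate     /etc/nginx/tls/repo.example.com.crt;  # placeholder
    ssl_certificate_key /etc/nginx/tls/repo.example.com.key;  # placeholder

    location / {
        proxy_pass http://nexus;

        # Do not forward the upstream's "Server: <product>/<version>" header.
        # nginx drops the upstream Server header by default; stating it here
        # makes the intent explicit and survives later configuration changes.
        proxy_hide_header Server;

        # Headers commonly set for Nexus behind a reverse proxy so it can
        # build correct absolute URLs and log the real client address.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After reloading nginx, a request such as `curl -sI https://repo.example.com/` should show `Server: nginx` rather than the product name and version.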
If you disagree with Sonatype's stance on this issue, you are welcome to submit an enhancement request in Sonatype's ideas portal. There is an existing customer idea for this request.
Additional Resources
For more information on how to use the Ideas portal, you can refer to this Sonatype Product Ideas Portal Help article.