The headers we don’t want

Some unnecessary HTTP headers you want to avoid:

  • Vanity headers such as server, x-powered-by and via offer little value to end-users or developers but at worst they divulge sensitive information.
  • Some headers, such as p3p, expires, x-frame-options and x-ua-compatible, represent deprecated standards.
  • Headers that are only useful to debug data but are not recognized by any browser, such as x-cache, x-request-id, x-aspnet-version, x-amzn-requestID. As a developer, you may want to keep them on but know that removing them makes no difference to how your pages are rendered.
  • x-robots-tag is a non-browser header only useful when the requesting agent is a crawler.

Full post here, 7 mins read