Using CF rule to remove header tagged by pen test team
Hey all, So a client of mine had a pen test early this year and the test team flagged a Via header that details what proxy (and its version) the request originated from, a well known hosting provider I might add, but said client cut an issue hoping for a solution i.e. "can you delete or modify this header in-flight?". Well I tried a "Modify Response Header" Transform Rule to no avail and it occurred to me I might be barking up the wrong header tree as said header might be exposed via the Request header as well given CF is in-between the Request / Response stream. I'm half-inclined to tell client "Don't be concerned about this." but thought I'd ask here for some feedback and or a recommendation and or a best practice if any of those options are valid or exist. Gut instinct is telling me, "It can be done you silly human" but figured it couldn't hurt asking for opnions as opposed to getting in a spin loop over a non-worky solution. Cheers and hope everyone is having a good day!
