From e3667943bd4cd1ac903984872d8ceb54a57c6a27 Mon Sep 17 00:00:00 2001
From: Maria Martinez <77364706+mamartinezmejia@users.noreply.github.com>
Date: Wed, 20 Dec 2023 11:29:06 -0800
Subject: [PATCH] fix(FSADT1-1084): Unnecessary Http Response Headers found in the Application (#690)
---
 backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java b/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
index 3e8dea999b..08732a9d91 100644
--- a/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
+++ b/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
@@ -69,6 +69,10 @@ public Mono filter(ServerWebExchange ctx, WebFilterChain chain) {
 headers.add("Strict-Transport-Security", "max-age=300; includeSubDomains");
+
+ headers.remove("Server");
+
+ headers.remove("X-Powered-By");
 if (CorsUtils.isPreFlightRequest(request)) {
 response.setStatusCode(HttpStatus.NO_CONTENT);
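Review bot: The two added `headers.remove(...)` calls only drop `Server` / `X-Powered-By` values already present on the response when this filter runs. That is presumably before the rest of the chain, since the body of `filter` starts and ends outside this hunk and the chain call is not visible. A value set later by a downstream handler, or by the HTTP server when the response is committed, would still be sent. Deferring the removal to commit time is more robust: `response.beforeCommit(() -> { headers.remove("Server"); headers.remove("X-Powered-By"); return Mono.empty(); });`. The hunk does not show where the reported headers originate; if a reverse proxy or ingress in front of the backend adds them, they have to be suppressed there, so confirm against a response from the deployed service that both are absent.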