My Oracle Support Banner

Removing Opensso Version as X-DSAMEVersion Attribute From the Http Headers (Doc ID 1442144.1)

Last updated on MARCH 08, 2017

In this Document

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.


When accessing Sun Access Manager 7.x or OpenSSO 8.0 for authentication, OpenSSO adds the "X-DSAMEVersion" attribute into the HTTP Headers in the response that is sent back to the user.
Some people might find this as being a sensitive information about the version and name of security product (Sun AM/OpenSSO in this case) that they are running with, and some would like the product to possibly remove this info as captured from the HTTP Headers.
An example from a captured info of this as from the HTTP Headers is :

"X-DSAMEVersion: Oracle OpenSSO 8.0 Update 2 Patch1 Build 6.1(2010-November-11 07:56)"


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.