You can set WAF-as-a-Service to cloak the HTTP status code returned in a response. A server returns this code when there is a problem with the browser or the server. With this code suppressed, details of your infrastructure are obscured; the client will not know whether the problem lies with the client or the server.
Cloaking features include:
- Removing banner headers, such as Server, from responses.
- Blocking client error (status code 4xx) and server error (status code 5xx) responses.
Two types of response error codes are suppressed:
- 400-499 (client) – Codes intended for instances when a client seems to have erred when attempting to access a Web page.
- 500-599 (server) – Codes intended to indicate that a server is aware that it has a problem or that it is unable to perform a request. Example: 500 – Internal Error.
You can also specify certain status codes that you want to allow through.
You can also set WAF-as-a-Service to remove sensitive headers from a server's response before returning it to the client. This prevents users from seeing information about your web server and operating system versions. You can specify which types of headers you want to cloak.
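To confirm from the client side that cloaking is taking effect, you can audit captured responses for what it should hide. The script below is an added example, not part of WAF-as-a-Service or its documentation; the header names other than `Server`, the function names, and the sample responses are assumptions constructed for illustration.

```python
"""Audit captured HTTP responses for what response cloaking should hide."""
from email.parser import Parser

# Assumption: only "Server" is named on the page; the other two are
# commonly seen version-disclosing headers added for illustration.
BANNER_HEADERS = frozenset({"server", "x-powered-by", "x-aspnet-version"})


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, header_message)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)


def audit(raw: str, allowed_codes=frozenset(), banners=BANNER_HEADERS):
    """Return findings: error codes and banner headers that reached the client."""
    status, headers = parse_response(raw)
    findings = []
    # 4xx/5xx should be suppressed unless explicitly allowed through.
    if 400 <= status <= 599 and status not in allowed_codes:
        kind = "client" if status < 500 else "server"
        findings.append(f"status {status} ({kind} error) reached the client")
    # items() keeps duplicate headers, so every leaked banner is reported.
    for name, value in headers.items():
        if name.lower() in banners:
            findings.append(f"banner header {name}: {value}")
    return findings


# Constructed sample responses, as a client might capture them.
UNCLOAKED = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: ExampleHTTPd/1.2.3\r\n"
    "X-Powered-By: ExampleLang/4.5\r\n"
    "Content-Type: text/html\r\n\r\n<h1>error</h1>"
)
ALLOWED_404 = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\nnot found"

if __name__ == "__main__":
    for label, raw in (("uncloaked", UNCLOAKED), ("allowed 404", ALLOWED_404)):
        print(label, audit(raw, allowed_codes={404}))
```

Pass the same status codes you have allowed through as `allowed_codes`, so that only unintended leaks are reported.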