
We're dealing with a legacy application that emitted an HTML blurb. This HTML blurb was previously consumed by a web browser. Now we're turning (a new instance of) it into a service and bringing it into the intranet, inside the corporate firewall to be consumed by automated clients.

The code was returning HTTP Code 200 OK for Not Found situations, along with some HTML explaining that the information could not be found. We're considering returning a 404 Not Found code, but we want some way to tell responses from the application and from the web server apart (in case something gets misconfigured and the app can no longer be reached).

Now we get to the meat of the question: should we change the X-Powered-By header in the application? Do web servers and proxies respect that? We can certainly test our current web server. But can we count on future server updates/changes to respect this behaviour? Is this header governed by any spec (RFC, etc.)?

Thiago Arrais
  • 1
    None of the web servers/proxies has to respect anything. Don't be naive, there are lots of servers that don't follow any spec. But then again you (i.e. your company) should have control over your own proxies, right? So just check your configs. Also why don't you use some other, not used header? – freakish Feb 24 '16 at 13:24
  • That's what we should end up with at the end of the day. I'm asking pretty much just out of curiosity. Anyway... in case there is a "strong" case for X-Powered-By, I think that using a "standard" header is generally better. – Thiago Arrais Feb 24 '16 at 13:30
  • 1
    `X-` headers are by no means standard. AFAIK they are not even mentioned in any spec. I don't think there is any reason to stick to it. Especially since the meaning of X-Powered-By is a bit different - it should point to a tech you are using. – freakish Feb 24 '16 at 13:37
  • I meant "de facto standard", but OK. I agree with you. Point taken. I'm still curious on others' opinions on this. – Thiago Arrais Feb 24 '16 at 16:57
  • Related question (maybe duplicate?): http://stackoverflow.com/questions/23267329/discriminating-between-infrastructure-and-business-logic-when-using-http-status/23281653#23281653 – Thiago Arrais Feb 24 '16 at 17:16
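
The approach suggested in the comments (a dedicated, otherwise unused header instead of X-Powered-By), sketched as an added example that is not part of the original question or comments. The header name `X-App-Origin`, its value, and the sample records are assumptions made for illustration. The client treats a missing marker as an infrastructure response, so a proxy that strips the header is reported as a fault rather than as "record not found".

```python
# Added example: header name, marker value and records are hypothetical.
from wsgiref.util import setup_testing_defaults

ORIGIN_HEADER = "X-App-Origin"           # hypothetical private header
ORIGIN_VALUE = "legacy-blurb-service"    # hypothetical marker value
RECORDS = {"/blurb/1": b"<p>hello</p>"}  # constructed sample data


def app(environ, start_response):
    """WSGI app: every response it produces carries the origin marker."""
    body = RECORDS.get(environ.get("PATH_INFO", ""))
    status = "200 OK" if body is not None else "404 Not Found"
    if body is None:
        body = b"<p>No such record</p>"
    start_response(status, [("Content-Type", "text/html"),
                            (ORIGIN_HEADER, ORIGIN_VALUE)])
    return [body]


def call(path):
    """Invoke the app in-process and return (status_code, headers)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = int(status.split()[0])
        captured["headers"] = headers

    b"".join(app(environ, start_response))
    return captured["status"], captured["headers"]


def classify(status, headers):
    """Client side: decide whether the app or the infrastructure answered."""
    # Header names are case-insensitive; intermediaries may re-case them.
    found = {name.lower(): value for name, value in headers}
    if found.get(ORIGIN_HEADER.lower()) != ORIGIN_VALUE:
        # Web server or proxy answered, or the marker was stripped in transit.
        return "infrastructure"
    if status == 404:
        return "not-found"
    return "ok" if status == 200 else "app-error"
```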
