JSF Tip #59 - What does the context-param com.sun.faces.sendPoweredByHeader do?

Today we are covering what the "com.sun.faces.sendPoweredByHeader" context-param does.

Historically the JSF runtime would send the "X-Powered-By" servlet response header that would tell what the backing engine was (for Mojarra 2.2.x it would show "JSF/2.2"). To make it possible to turn this on or off this context-param was introduced. From a security perspective it would be smart to keep it off, however during development you could use it to verify what API version of JSF you are running.

Note when you are ready to go to production the "com.sun.faces.sendPoweredByHeader" context-param should be set to "false", which is the default in Mojarra 2.2 if you do not define it in your web.xml.

In your web.xml file this would look like the snippet below.


    <context-param>
        <param-name> com.sun.faces.sendPoweredByHeader</param-name>
        <param-value>false | true</param-value>
    </context-param>
        

Note the value is either "true" or "false".

Posted February 10, 2014

Up