Problem/Motivation
X-Generator header provides a way to know whether a site is Drupal or not and version. While this is useful for search engine other auditing purposes, this could be used by attackers to target Drupal sites. There are modules(1) and blog posts/issues (link 1, link 2, link 3, link 4) to remove this header.
Proposed resolution
we could we have an option in core which allows to remove this header and we can have it on by default?
Remaining tasks
Discuss
User interface changes
N/A
API changes
N/A
Data model changes
N/A