Want to mask "server: Google Frontend" in Google Load Balancer

nishith · August 26, 2025, 4:34pm

In GCP, we’ve hosted “app engine” behind a load balancer.

TLS 1.2 & 1.3 custom policy has been applied.

Load Balancer’s Public IP has been mapped with a unique domain name.

While accessing the domain URL from outside, I’m getting “server: Google Frontend”.

The command is as shown below.

curl -I https://abc.com HTTP/2 200 strict-transport-security: max-age=31536000; includeSubDomains; always x-content-type-options: nosniff x-frame-options: SAMEORIGIN date: Tue, 26 Aug 2025 16:15:06 GMT etag: “4JxE6A” x-cloud-trace-context: fc52c13b3502329eabada2994c8053d1;o=1 content-type: text/html server: Google Frontend content-length: 703 via: 1.1 google cache-control: public,max-age=600 alt-svc: h3=“:443”; ma=2592000,h3-29=“:443”; ma=2592000

Solution Required:

I want to hide/mask “server: Google Frontend“ or replace it with “Server” only, so that external hacker can’t get the actual header value.

Please Guide.

kensan · August 26, 2025, 8:49pm

Hi @nishith,

It is not possible to directly hide the “Server: Google Frontend” header on Google Cloud Load Balancers when using Google-managed SSL, as this header is an integral part of Google’s infrastructure. Instead, prioritize robust security measures such as strong TLS policies, comprehensive security headers, and the implementation of Cloud Armor for enhanced protection.

Topic		Replies	Views
Configured Load Balancer with SSL Certificate & Domain Name but how to restrict loadbalancer IP Compute Infrastructure compute-engine , server-configuration	1	10	June 6, 2022
Can I disable TLS 1.3 on HTTPS Load Balancer? Compute Infrastructure server-configuration	2	22	December 14, 2022
HTTPS response headers for Cloud Load Balancer redirects Compute Infrastructure server-configuration	2	23	June 24, 2021

Want to mask "server: Google Frontend" in Google Load Balancer

AI Suggested topics