6 files changed, 24 insertions, 5 deletions

diff --git a/config/default.yaml b/config/default.yaml
index d2bfae2aa..7ce345e2d 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -288,6 +288,11 @@ security:
   frameguard:
     enabled: true
 
+  # Set x-powered-by HTTP header to "PeerTube"
+  # Can help remote software to know this is a PeerTube instance
+  powered_by_header:
+    enabled: true
+
 tracker:
   # If you disable the tracker, you disable the P2P on your PeerTube instance
   enabled: true
diff --git a/config/production.yaml.example b/config/production.yaml.example
index 0c942c5ec..877d77e01 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -286,6 +286,11 @@ security:
   frameguard:
     enabled: true
 
+  # Set x-powered-by HTTP header to "PeerTube"
+  # Can help remote software to know this is a PeerTube instance
+  powered_by_header:
+    enabled: true
+
 tracker:
   # If you disable the tracker, you disable the P2P on your PeerTube instance
   enabled: true
diff --git a/server.ts b/server.ts
index d1ac2d092..7bab18b0c 100644
--- a/server.ts
+++ b/server.ts
@@ -56,8 +56,13 @@ try {
 app.set('trust proxy', CONFIG.TRUST_PROXY)
 
 app.use((_req, res, next) => {
+  // OpenTelemetry
   res.locals.requestStart = Date.now()
 
+  if (CONFIG.SECURITY.POWERED_BY_HEADER.ENABLED === true) {
+    res.setHeader('x-powered-by', 'PeerTube')
+  }
+
   return next()
 })
 
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 8b4d49180..74fed251c 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -26,7 +26,7 @@ function checkMissedConfig () {
     'user.video_quota', 'user.video_quota_daily',
     'video_channels.max_per_user',
     'csp.enabled', 'csp.report_only', 'csp.report_uri',
-    'security.frameguard.enabled',
+    'security.frameguard.enabled', 'security.powered_by_header.enabled',
     'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',
     'signup.enabled', 'signup.limit', 'signup.requires_approval', 'signup.requires_email_verification', 'signup.minimum_age',
     'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index 9685e7bfc..7ad258f7a 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -236,6 +236,9 @@ const CONFIG = {
   SECURITY: {
     FRAMEGUARD: {
       ENABLED: config.get<boolean>('security.frameguard.enabled')
+    },
+    POWERED_BY_HEADER: {
+      ENABLED: config.get<boolean>('security.powered_by_header.enabled')
     }
   },
   TRACKER: {
diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts
index b91519660..de7c2f6e2 100644
--- a/server/tests/api/server/config.ts
+++ b/server/tests/api/server/config.ts
@@ -561,15 +561,13 @@ describe('Test config', function () {
   })
 
   it('Should remove the custom configuration', async function () {
-    this.timeout(10000)
-
     await server.config.deleteCustomConfig()
 
     const data = await server.config.getCustomConfig()
     checkInitialConfig(server, data)
   })
 
-  it('Should enable frameguard', async function () {
+  it('Should enable/disable security headers', async function () {
     this.timeout(25000)
 
     {
@@ -580,13 +578,15 @@ describe('Test config', function () {
       })
 
       expect(res.headers['x-frame-options']).to.exist
+      expect(res.headers['x-powered-by']).to.equal('PeerTube')
     }
 
     await killallServers([ server ])
 
     const config = {
       security: {
-        frameguard: { enabled: false }
+        frameguard: { enabled: false },
+        powered_by_header: { enabled: false }
       }
     }
     await server.run(config)
@@ -599,6 +599,7 @@ describe('Test config', function () {
       })
 
       expect(res.headers['x-frame-options']).to.not.exist
+      expect(res.headers['x-powered-by']).to.not.exist
     }
   })