Option Name:reply_header_access
Replaces:
Requires:--enable-http-violations
Default Value:none
Suggested Config:

	Usage: reply_header_access header_name allow|deny [!]aclname ...

	WARNING: Doing this VIOLATES the HTTP standard.  Enabling
	this feature could make you liable for problems which it
	causes.

	This option only applies to reply headers, i.e., from the
	server to the client.

	This is the same as request_header_access, but in the other
	direction.

	This option replaces the old 'anonymize_headers' and the
	older 'http_anonymizer' option with something that is much
	more configurable. This new method creates a list of ACLs
	for each header, allowing you very fine-tuned header
	mangling.

	You can only specify known headers for the header name.
	Other headers are reclassified as 'Other'. You can also
	refer to all the headers with 'All'.

	For example, to achieve the same behavior as the old
	'http_anonymizer standard' option, you should use:

		reply_header_access From deny all
		reply_header_access Referer deny all
		reply_header_access Server deny all
		reply_header_access User-Agent deny all
		reply_header_access WWW-Authenticate deny all
		reply_header_access Link deny all

	Or, to reproduce the old 'http_anonymizer paranoid' feature
	you should use:

		reply_header_access Allow allow all
		reply_header_access Authorization allow all
		reply_header_access WWW-Authenticate allow all
		reply_header_access Proxy-Authorization allow all
		reply_header_access Proxy-Authenticate allow all
		reply_header_access Cache-Control allow all
		reply_header_access Content-Encoding allow all
		reply_header_access Content-Length allow all
		reply_header_access Content-Type allow all
		reply_header_access Date allow all
		reply_header_access Expires allow all
		reply_header_access Host allow all
		reply_header_access If-Modified-Since allow all
		reply_header_access Last-Modified allow all
		reply_header_access Location allow all
		reply_header_access Pragma allow all
		reply_header_access Accept allow all
		reply_header_access Accept-Charset allow all
		reply_header_access Accept-Encoding allow all
		reply_header_access Accept-Language allow all
		reply_header_access Content-Language allow all
		reply_header_access Mime-Version allow all
		reply_header_access Retry-After allow all
		reply_header_access Title allow all
		reply_header_access Connection allow all
		reply_header_access Proxy-Connection allow all
		reply_header_access All deny all

	although the HTTP request headers won't be usefully controlled
	by this directive -- see request_header_access for details.

	By default, all headers are allowed (no anonymizing is
	performed).