I am trying to remove the "x-powered-by" header from all Node-RED API responses because of a pentest finding.
As I see this should have already been done:
But it seems, that for theme path the header is still set.
https://localhost:1880/theme
https://localhost:1880/theme/login/node-red-256-P.png
Response-Header:
X-Powered-By: Express
Node v16.20.0
Node-RED v3.0.2