On Saturday, March 22, 2003, at 07:15 AM, Brass, Phil (ISS Atlanta) wrote:
> The point of stripping Date and Last-modified headers is that HTTP
> fingerprinting tools look at things like header order, the formatting of
> dates and times, etc.

So change the format and order. Stripping them is a protocol violation.


> Alternately, does anybody know why the Server, Date, Accept-Ranges,
> Last-Modified, and other headers are put in last, after things like
> mod_headers run?  Perhaps a better patch would be to move the code that
> adds these headers to the response earlier in the code so that users can
> simply use mod_headers to strip whichever ones they want, or a module
> for randomizing header order could be written, etc.

They are put in last specifically to prevent them from being randomized by buggy modules.

....Roy


