security concerns require Masking Server header in CA Access Gateway Response headers to prevent it from disclosing information
This article discusses if this is feasible
CA Access Gateway 12.8.x
The headers of the answer provided by the CA Access Gateway are controlled by the Apache component of CA Access Gateway
There are several articles in the literature dealing with removing the headers from Apache. In particular, the following article describes how to remove some headers from Apache
https://ubiq.co/tech-blog/remove-server-name-apache-response-header/
In reference to the mentions done in the previous article, there is one more item describing the ServerTokens configuration
https://httpd.apache.org/docs/2.4/mod/core.html#servertokens
Conclusion : Customization cannot be made beyond what is specified in those official articles by Apache. In particular it follows from them that it is impossible to totally suppress the Server response header.
It may be tailored to just show it is Apache that is responding, but not to make any indication totally disappear.