Web Server HTTP Header Information Disclosure
Article ID: 94898

Products

CA API Gateway

Issue/Introduction

The Server header in the HTTP response reveals the running version, for example Server: Apache-Coyote/1.1. Intercepting the response shows this information disclosure in the response headers. How can we configure the web server so that sensitive response headers are not visible in the response?

Environment

All supported versions of the API Gateway

Resolution

Step 1: Connect to the Policy Manager for your SSG.
Step 2: Go to Tasks --> Manage Listen Ports.
Step 3: Click on the port you are connecting over, choose "Properties", and choose the "Advanced" tab.
Step 4: Click the "Add" button in the bottom right. Set the "Property Name" to "server" and the value to whatever you want to return in your response.
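
To confirm the change on a listen port, the check below inspects the Server header of a response and reports whether it still carries the default Apache-Coyote banner or a product/version token. It is an added example, not part of the original article or the product; the function names, the sample responses and the replacement value "gateway" are assumptions made for illustration.

```python
import http.client
import re

# "product/version" token as used in Server banners, e.g. Apache-Coyote/1.1
PRODUCT_VERSION = re.compile(r"[\w!#$%&'*+.^|~-]+/\S*\d\S*")
DEFAULT_BANNER = "apache-coyote"  # default banner quoted in the article

def parse_head(raw_head):
    """Split a raw HTTP response head into (name, value) pairs."""
    pairs = []
    for line in raw_head.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit_server_header(headers):
    """Report every Server value and whether any of them discloses a version."""
    values = [v for n, v in headers if n.lower() == "server"]  # names are case-insensitive
    leaks = [v for v in values
             if PRODUCT_VERSION.search(v) or DEFAULT_BANNER in v.lower()]
    return {"server": values, "leaks": leaks, "discloses": bool(leaks)}

def fetch_headers(host, port, path="/"):
    """Fetch live response headers; assumes an HTTPS listener with a trusted certificate."""
    conn = http.client.HTTPSConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()

# Constructed sample responses: before and after adding the "server" property.
BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\nServer: Apache-Coyote/1.1\r\n\r\n"
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\nserver: gateway\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_server_header(parse_head(raw)))
```

Against a real gateway, pass the result of fetch_headers(host, port) to audit_server_header and repeat for each listen port, since the property is set per port.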