This doesn't directly answer to the question but could address the issue as well and without monkey patching gunicorn.

If you are using gunicorn behind a reverse proxy, as it usually happens, you can set, add, remove or perform a replacement in a response header coming downstream from the backend. In our case the Server header.

I guess every Webserver should have an equivalent feature.

For example, in Caddy 2 (currently in beta) it would be something as simple as:

https://localhost { reverse_proxy unix//tmp/foo.sock { header_down Server intentionally-undisclosed-12345678 } }

For completeness I still add a minimal (but fully working) Caddyfile to handle Server header modification even in manual http->https redirect process (Caddy 2 does it automatically, if you don't override it), which could a bit tricky to figure it out correctly.

http://localhost { # Fact: the `header` directive has less priority than `redir` (which means # it's evaluated later), so the header wouldn't be changed (and Caddy would # shown instead of the faked value). # # To override the directive ordering only for this server, instead of # change the "order" option globally, put the configuration inside a # route directive. # ref. # https://caddyserver.com/docs/caddyfile/options # https://caddyserver.com/docs/caddyfile/directives/route # https://caddyserver.com/docs/caddyfile/directives#directive-order route { header Server intentionally-undisclosed-12345678 redir https://{host}{uri} } } https://localhost { reverse_proxy unix//tmp/foo.sock { header_down Server intentionally-undisclosed-12345678 } }

To check if it works just use curl as curl --insecure -I http://localhost and curl --insecure -I http://localhost (--insecure because localhost certs are automatically generated as self signed).