Taffy-specific response headers disclose the middleware portion of the stack. Proposing a suppressTaffyHeaders configuration parameter (and subsequent updates to api.cfc) to suppress Taffy-specific headers. Could optionally leverage the presence of the configured debugKey to disclose this information in a given response.