Keep-Alive is defined for HTTP/1.0, not 1.1; sending it from a server on a 1.1 connection is just wasting bytes. Ideally, Apache wouldn't send either Connection: keep-alive or the Keep-Alive header field on 1.1 connections at all; at the very least, it should be configurable.
Keep-Alive header indicates KeepAliveTimeout. Some browsers (at least Firefox) read it and avoid a race condition about KeepAliveTimeout. So -0.5 for simply omit Keep-Alive header.
The Keep-Alive response header is a hint which may be used by browsers to determine how many requests (max=) and how long connections (timeout=) will be kept alive by the server. It may prevent them from sending requests too late, so this is a valuable information IMHO (I don't know if browsers use it though, but they ought to...). Indeed HTTP/1.1 does not define Keep-Alive as such, but says any header Connection's token used as a header is hop-by-hop (ie. not forwardable and possibly ignored if not understood), and so is Keep-Alive. "Connection: keep-alive" is the default in HTTP/1.1, so it may not be needed unless the header Keep-Alive is also there.
True, but FF et al don't *need* that header; some sites will want to omit the header to save bytes on the header (e.g., search StackOverflow). Some control would be nice.
Some random notes I am throwing in here after doing some debugs this weekend: 1. It is _not_ needed (nor "defined by the protocol") to send the "Keep-Alive:" response header - in fact other webservers don't even do that by default (IIS/Nginx) 2. When building http-clients, it would be super bad practice to rely on "headers" and there are other better ways of knowing if a tcp connection is still live or not. 3. While IIS and Nginx usually allow some milliseconds more than the timeout config, Apache usually falls a few milliseconds short, that means, if a http-client would rely on this header, it would assume still being able to use the connection while that wouldn't be anymore true.
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd. As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd. If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question. If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with. Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.