PCI DSS question: Suppress Icinga2 version (API)

hi,

our external penetration tester asks, if we can disable / suppress the version number in the headers from the API and maybe also the Icinga string itself.

Is that possible ?