HTTP Security Header
Server
Contains information about the software used by the origin server to handle the request.
Configuration Snapshot
- Header Name
- Server
- Primary Mitigation
- Information Disclosure (Passive Reconnaissance)
Example Configuration
Server: obscure-server-name
Implementation Best Practices
- Remove or obfuscate the Server header
- Do not leak version numbers of the web server (e.g., Apache/2.4.1)
- Use a generic name to disrupt automated vulnerability scanners
Audit Your Configuration
Properly implementing Server is critical for achieving a robust security posture. A misconfigured header can leave your application exposed to client-side attacks or accidentally block legitimate functionality. Use our Security Headers auditing tool to evaluate your live production setup.
Scan Your Website