The target website returns the Server header and version information of this website. By exposing these values, attackers may attempt to identify if the target software is vulnerable to known vulnerabilities, or catalog known sites running particular versions to exploit in the future when a vulnerability is identified in the particular version.
We recommend that the version information be removed from the
For Apache based web sites, set the ServerTokens directive to Prod in the httpd.conf configuration file.
For NGINX based websites, set the server_tokens configuration value to off in the
For IIS based websites version 10 and above you can use the removeServerHeader element to the section of the
For all other server types, please consult your product’s documentation on how to redact the version information from
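
To confirm the change took effect, the Server value a site returns can be checked for leftover version tokens. The following is an added example, not part of the original finding: the function names are hypothetical, the header values are constructed samples, and parsing follows the product/version and comment syntax of RFC 9110.

```python
import re

# RFC 9110 "token" characters: valid in product names and versions.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PRODUCT = re.compile(rf"({_TOKEN})(?:/({_TOKEN}))?")
_COMMENT = re.compile(r"\(([^()]*)\)")


def audit_server_header(value):
    """Split a Server header value into products, versions and comments."""
    value = value or ""
    # Parenthesised comments, e.g. "(Ubuntu)", often name the platform.
    comments = [c.strip() for c in _COMMENT.findall(value)]
    remainder = _COMMENT.sub(" ", value)
    products = _PRODUCT.findall(remainder)
    return {
        "products": [name for name, _ in products],
        "versions": [f"{name}/{ver}" for name, ver in products if ver],
        "comments": comments,
    }


def discloses_version(value):
    """True when any product token in the header carries a version."""
    return bool(audit_server_header(value)["versions"])


# Constructed sample values (not taken from any real scan).
SAMPLES = [
    "Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f",  # verbose Apache-style value
    "Apache",                                 # product name only
    "nginx/1.18.0",
    "nginx",
    "Microsoft-IIS/10.0",
    None,                                     # header removed entirely
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status = "FAIL" if discloses_version(sample) else "ok"
        print(f"{status:4} {sample!r} -> {audit_server_header(sample)}")
```

A value that passes this check can still name the product or platform; the check covers only the version information this finding is about.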