Provides information about the software used by the server.

This optional HTTP response header typically provides information about the web server software that you are running. For example, it might say nginx or Apache/2.4.1 (Unix) or cloudflare. Web browsers can use this information to work around bugs in certain versions of older server software, but if you are running modern software this is no longer necessary.

It is good practice try avoid disclosing too much information in this header, as this can make it slightly easier for attackers to find security holes. We recommend omitting this header entirely to save on a little bandwidth, but this usually requires using some third party modules. If you include it, it is recommended to avoid revealing the name of the operating system or any version numbers.

If you are running apache, you can add these two lines to your httpd.conf file to limit the header to the most basic information.

ServerSignature Off
ServerTokens Prod

If you are running nginx, you can add this line to your nginx.conf file to limit the shared information.

server_tokens off;

For more information on this header, please read the documentation on MDN Web Docs.

Ready to validate your website to check for this header and 100+ others important tests?