The Server header describes the software used by the origin server that handled the request — that is, the server that generated the response.
Avoid overly-detailed Server values, as they can reveal information that might make it (slightly) easier for attackers to exploit known security holes.
| Header type | Response header |
| Forbidden header name | no |
The name of the software or product that handled the request. Usually in a format similar to
How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with Content-Encoding combined with
Server: Apache/2.4.1 (Unix)
| RFC 7231, section 7.4.2: Server | Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content |