The Server header is a response header that the web server uses to identify the software it is running. It acts as a nameplate for the server, giving the web server's name, version, and other server-specific information.
Server: <product> [<product-version>]
Example: Server: Apache/2.4.1 (Unix)
Server directives usually contain both the name and version of the web server software. However, some operators reveal only the name for security purposes. Unknown products are denoted by a "?".
Here's an example of a server header provided by an Apache server:
Server: Apache/2.4.1 (Unix)
And here's one provided by an Nginx server:
In case the server doesn't want to expose actual details:
How to modify the Server header
ModHeader is a Chrome extension that allows you to manipulate the HTTP request and response headers. To modify the Server header using ModHeader:
- Install the ModHeader extension from the Chrome Web Store.
- Click on the ModHeader icon in the browser toolbar.
- In the response headers section, type "Server" in the left box.
- In the right box, type the name and version of the server software you want to fake.
- The next time a response is sent from your server, the Server header shown in your browser will appear as though it was sent by the server software you specified.
Remember that modifying the Server header is a double-edged sword. On the one hand, it adds an extra layer of obfuscation against possible attackers. On the other hand, it may cause false positives in some diagnostic tools.
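To review what a Server value discloses, the following added example (not from the original page) parses the `<product> [<product-version>]` syntax shown earlier, plus parenthesised comments such as `(Unix)`, and lists what each part reveals. The function names and the `ExampleServer` sample values are constructed for illustration.

```python
import re

# <product>[/<product-version>] as in the page's syntax line; lenient on
# characters so values such as "?" still parse.
PRODUCT_RE = re.compile(r"([^\s/()]+)(?:/([^\s()]+))?")


def parse_server_header(value):
    """Return (products, comments): products are (name, version-or-None)."""
    products, comments = [], []
    i, n = 0, len(value)
    while i < n:
        if value[i] in " \t":
            i += 1
        elif value[i] == "(":
            # Comments such as "(Unix)" may nest; scan to the matching ")".
            depth, start = 1, i + 1
            i += 1
            while i < n and depth:
                depth += {"(": 1, ")": -1}.get(value[i], 0)
                i += 1
            if depth:
                raise ValueError("unterminated comment")
            comments.append(value[start:i - 1])
        else:
            m = PRODUCT_RE.match(value, i)
            if not m:
                raise ValueError(f"unexpected {value[i]!r} at offset {i}")
            products.append((m.group(1), m.group(2)))
            i = m.end()
    return products, comments


def audit_server_header(value):
    """List what a Server header value discloses, for a hardening review."""
    if value is None or not value.strip():
        return ["no Server header value"]
    try:
        products, comments = parse_server_header(value)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = [f"version disclosed: {name}/{version}" if version
                else f"name only: {name}" for name, version in products]
    return findings + [f"comment disclosed: {c}" for c in comments]


if __name__ == "__main__":
    # Constructed sample values (the first is the page's own example).
    for s in ["Apache/2.4.1 (Unix)", "ExampleServer", "?"]:
        print(f"{s!r}: {audit_server_header(s)}")
```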