Nic Cottrell asked:
My server responds with
Server: Apache/2.2.15 (CentOS) to all requests. I guess that this gives away my server architecture making it easier to hack attempts.
Is this ever useful to a web browser? Should I keep it on?
You can change the Server header if you want, but don’t count on this for security. Only keeping up to date will do that, since an attacker can just ignore your Server header and try every known exploit from the beginning of time.
RFC 2616 states, in part:
Server implementors are encouraged to make this field a configurable option.
And Apache did, with the
ServerTokens directive. You can use this if you wish, but again, don’t think that it’s going to magically prevent you from getting attacked.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.