Server Version Disclosure

Impact: Informational


The Server header describes the server application that handled the request. Detailed information in this header can expose the server to attackers. Using the information in this header, attackers can find vulnerabilities easier.


Configure the webserver to stop sending detailed information in the Server header.

Fix Server Version Disclosure in Apache

Open the Apache configuration file (httpd.conf or apache2.conf) and add below lines to it.

ServerTokens Prod
ServerSignature Off

Restart the web server.

Fix Server Version Disclosure in Nginx

  1. Open the Nginx configuration file (nginx.conf) and add below line to either http, server, or location sections.
  2. server_tokens off;
  3. Restart the web server

Fix Server Version Disclosure in Tomcat

  1. Open the server.xml file
  2. Find the Host section and, add below line next after it
  3. <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
  4. save the file and restart application


Last updated on June 29, 2022

Use SmartScanner Free version to test for this issue