Apache Server Tokens

To serve a website, the server needs a web server running on it. The web server is the core of the website itself. As with all web servers, new versions are released over time. Sometimes it's advisable to hide some details about the web server, such as the server token. Whilst this provides some measure of security, it is security through obscurity: a normal query against the website's headers won't show the information, but the value can still be extracted via another method.

These are the values you can set ServerTokens to:

ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache

ServerTokens Major
Server sends (e.g.): Server: Apache/2

ServerTokens Minor
Server sends (e.g.): Server: Apache/2.4

ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.4.2

ServerTokens OS
Server sends (e.g.): Server: Apache/2.4.2 (Unix)

On a full production server, it's best to use the value Prod, which shows only the name of the web server; in our case, that would be Apache only.

Our config would be set in apache2.conf. Open the file:

nano /etc/apache2/apache2.conf

and set the following directives:

ServerSignature Off
ServerTokens Prod
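
To confirm the setting took effect, the check below reads response headers and reports which ServerTokens level the Server header corresponds to, using the values listed above. It is an added example, not part of the original page; the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Pull the Server header value out of raw response headers read from stdin.
extract_server_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }'
}

# Succeed if string $1 matches extended regex $2.
matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Map a Server header value to the ServerTokens level that produces it.
classify_server_tokens() {
    v=$1
    if   matches "$v" '^Apache$';                       then echo Prod
    elif matches "$v" '^Apache/[0-9]+$';                then echo Major
    elif matches "$v" '^Apache/[0-9]+\.[0-9]+$';        then echo Minor
    elif matches "$v" '^Apache/[0-9]+\.[0-9]+\.[0-9]+$'; then echo Min
    # OS also matches a Full setting when no module adds its own token.
    elif matches "$v" '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]+\)$'; then echo OS
    elif matches "$v" '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]+\) .+'; then echo Full
    else echo Unknown
    fi
}

# Report the level seen on stdin; exit status 0 only when it is Prod.
audit_server_header() {
    header=$(extract_server_header)
    level=$(classify_server_tokens "$header")
    echo "Server: ${header:-<none>} -> ServerTokens $level"
    [ "$level" = "Prod" ]
}

# Constructed sample response headers, using the Full value from the list above.
SAMPLE='HTTP/1.1 200 OK
Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2
Content-Type: text/html'
printf '%s\n' "$SAMPLE" | audit_server_header || true

# Against your own server:
#   curl -sI http://localhost/ | audit_server_header
```

Apache only picks up the new directives after a reload or restart, so run the check after that.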