Create Server Tokens disabled option

tBartel03

• April 08, 2020 09:40

Server Tokens is currently set to Product Only (e.g. "Apache") on my server though I want to outright disable that header. It serves no purpose for my clients or I and only serves to let potential threats be aware of what to expect on the server. Please implement an option to outright disable this header.

• 

  cPanelKenneth

  • April 08, 2020 17:45

  The Apache web server doesn't provide a way to disable or turn off this header. Can't remove Server: Apache header The Stackoverflow page outlines some options.

  0
• 

  tBartel03

  • April 09, 2020 10:42

  Basically the header exists and is forced by Apache because of statistics in regards to Nginx. So effectively unless we compile our own copy of Apache the header will continue to be forced by Apache.

  0
• 

  cPanelKenneth

  • April 09, 2020 16:15

  Pure speculation: it sounds like it's not just a recompile; one needs to make a change to the httpd source code before recompile. And that change will need made every time httpd gets an update.

  0

Please sign in to leave a comment.