Server

The Server header describes the software used by the origin server that handled the request — that is, the server that generated the response.

Warning: Avoid overly-detailed Server values, as they can reveal information that may make it (slightly) easier for attackers to exploit known security holes.

Header type Response header
Forbidden header name no

Syntax

http
Server: <product>

Directives

<product>

A name of the software or the product that handled the request. Usually in a format similar to User-Agent.

How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers to work around a bug of the versions with Content-Encoding and Range in combination.

Examples

http
Server: Apache/2.4.1 (Unix)

Specifications

Specification
HTTP Semantics
# field.server

Browser compatibility

BCD tables only load in the browser

See also