HTTP Headers And Server Security

Server security is very important. One of the ways that HTTP headers compromise your server's security is the Server response header. If Joe Hacker knows what server software you are using, he can exploit any known vulnerabilities.

Of course, just changing or removing the Server header field won't make your server impervious to attacks, but it will definitely give an attacker more trouble. By slowing an attacker down, you have given yourself more time to respond and stop the attack.

For IIS, ServerMask is a good solution. For Apache servers, mod_headers allows you to change or remove response headers fields.