<name>ServerTokens</name>
<description>Configures the <code>Server</code> HTTP response
header</description>
-<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</syntax>
+<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full|Off|Set</syntax>
<default>ServerTokens Full</default>
<contextlist><context>server config</context></contextlist>
information about compiled-in modules.</p>
<dl>
- <dt><code>ServerTokens Off</code></dt>
+ <dt><code>ServerTokens Full</code> (or not specified)</dt>
- <dd>Server sends no <code>Server:</code> header
- (and <code>SERVER_SOFTWARE</code> is blank)</dd>
+ <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.0.41
+ (Unix) PHP/4.2.2 MyMod/1.2</code></dd>
<dt><code>ServerTokens Prod[uctOnly]</code></dt>
there are any embedded spaces.
</dd>
- <dt><code>ServerTokens Full</code> (or not specified)</dt>
+ <dt><code>ServerTokens Off</code></dt>
+
+ <dd>Server sends no <code>Server:</code> header
+ (and <code>SERVER_SOFTWARE</code> is blank)</dd>
- <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.0.41
- (Unix) PHP/4.2.2 MyMod/1.2</code></dd>
</dl>
<p>This setting applies to the entire server, and cannot be
<p>After version 2.0.44, this directive also controls the
information presented by the <directive
module="core">ServerSignature</directive> directive.</p>
+
+ <note>Setting <directive>ServerTokens</directive> to less than
+ <code>minimal</code> is not recommended because it makes it more
+ difficult to debug interoperational problems. Also note that
+ disabling the Server: header does nothing at all to make your
+ server more secure; the idea of "security through obscurity"
+ is a myth and leads to a false sense of safety.</note>
+
</usage>
<seealso><directive module="core">ServerSignature</directive></seealso>
</directivesynopsis>
projects / apache / commitdiff