The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages used by the web server.
- ServerSignature Off: This directive hides the server version and OS details on server-generated pages like error messages.
- ServerTokens Prod: Limits the information returned in the Server HTTP header to only the word Apache, preventing exposure of the exact version number or OS details.
- SetOutputFilter DEFLATE: Enables output compression using mod_deflate, which reduces the size of the data sent to the client and improves loading times.
To reduce the server information in the Apache response headers:
- Open Apache Config File
Go to `xampp\apache\conf\httpd.conf`.
Open the file and add the following directives to hide server information in Apache:

```apache
# Disable the server signature (hides server version details)
ServerSignature Off
# Show only minimal information about the server version
ServerTokens Prod
# Enable compression to improve website performance
SetOutputFilter DEFLATE
```
- Or locate the .htaccess file (for WordPress)
Open the .htaccess file and add the directives below:

```apache
# Disable the server signature (hides server version details)
ServerSignature Off
# ServerTokens is only valid in the main server configuration (httpd.conf);
# placing it in .htaccess causes a 500 Internal Server Error, so set
# "ServerTokens Prod" in httpd.conf instead.
# Enable compression to improve website performance
SetOutputFilter DEFLATE
```
- Restart Apache Server
Restart Apache via the XAMPP control panel to apply the changes.
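
To confirm the change after the restart, the response headers can be audited for leftover version details. The script below is an added example, not part of the original page: the function names `parse_headers` and `audit` are illustrative, and both sample responses are constructed rather than captured from a real server.

```python
import re

# Headers that commonly reveal server software or language versions.
DISCLOSING = ("server", "x-powered-by")
# A product token followed by a version, e.g. "Apache/2.4.58" or "PHP/8.2.12".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")
# Parenthesised comment such as "(Win64)", emitted by fuller ServerTokens levels.
COMMENT_RE = re.compile(r"\(([^)]*)\)")


def parse_headers(raw):
    """Parse a raw HTTP response head into a list of (name, value) pairs."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """Return (header, leaked_detail) findings for version or OS disclosure."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in DISCLOSING:
            continue
        findings += [(name, tok) for tok in VERSION_RE.findall(value)]
        findings += [(name, c) for c in COMMENT_RE.findall(value)]
    return findings


# Constructed sample: default configuration before the change.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12\r\n"
    "X-Powered-By: PHP/8.2.12\r\n"
    "Content-Type: text/html\r\n\r\n"
)
# Constructed sample: after ServerTokens Prod. X-Powered-By is set by PHP
# itself (expose_php in php.ini), so the Apache directives do not remove it.
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/8.2.12\r\n"
    "Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "no version details disclosed")
```

Against a live server, the same `audit` function can be fed the header block saved from a request to the site.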