Obfuscating the server field of an HTTP response header

I'm new to administering a server, and I'm wondering if there is any value in obfuscating the server field for HTTP response headers I'm sending out.

Would this prevent hackers from determining which webserver I'm using, and therefore make it more difficult to locate an exploitable crack in my security?


It'll fool some bots, but a human attacker isn't going to care that you're not advertising your server's minor version in headers. There is value in bot dodging, but it's pretty limited.

If you're looking to do this, make sure you aren't presenting full version information on error pages, either (the ServerSignature directive, for example, in Apache).
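A check for the point made in the answer above, as an added example that is not part of the original post: it audits raw HTTP responses for version strings in the banner headers and in the Apache-style error page footer. The sample responses, the host `example.test` and the name `audit_response` are constructed for illustration; `X-Powered-By` is included as a second commonly seen banner header.

```python
import re

# Product token with a version, e.g. "Apache/2.4.41", "Apache/2", "PHP/7.4.3".
VERSION_TOKEN = re.compile(r"\b[A-Za-z][\w.-]*/\d+(?:\.\d+)*")
# Footer Apache appends to generated error pages when ServerSignature is on.
SIGNATURE_FOOTER = re.compile(r"<address>(.*?)</address>", re.I | re.S)
BANNER_HEADERS = {"server", "x-powered-by"}


def audit_response(raw):
    """Return a list of version-disclosure findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    header_lines = head.split("\r\n")[1:]  # skip the status line
    findings = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in BANNER_HEADERS:
            if VERSION_TOKEN.search(value):
                findings.append(f"header {name.strip()} discloses version: {value.strip()}")
    # The header can be clean while generated error pages still leak.
    for footer in SIGNATURE_FOOTER.findall(body):
        if VERSION_TOKEN.search(footer):
            findings.append(f"error page footer discloses version: {footer.strip()}")
    return findings


FOOTER = "<address>Apache/2.4.41 (Ubuntu) Server at example.test Port 80</address>"

# Constructed sample: defaults, both header and error page carry the version.
LEAKY = ("HTTP/1.1 404 Not Found\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
         "Content-Type: text/html\r\n\r\n<h1>Not Found</h1><hr>\n" + FOOTER)
# Constructed sample: header masked, error page footer still present.
MASKED_HEADER = ("HTTP/1.1 404 Not Found\r\nServer: Apache\r\n"
                 "Content-Type: text/html\r\n\r\n<h1>Not Found</h1><hr>\n" + FOOTER)
# Constructed sample: no version in the header, no signature footer.
HARDENED = ("HTTP/1.1 404 Not Found\r\nServer: Apache\r\n"
            "Content-Type: text/html\r\n\r\n<h1>Not Found</h1>")

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("masked header", MASKED_HEADER),
                       ("hardened", HARDENED)):
        print(label, audit_response(raw) or "no version disclosure found")
```

In Apache, `ServerTokens Prod` reduces the header to `Server: Apache` and `ServerSignature Off` removes the error page footer.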


No. They'll just either figure out the server using other quirky behavior or they'll try all exploits for all servers.