Obfuscating the server field of an HTTP response header

http-headers http

I'm new to administering a server, and I'm wondering if there is any value in obfuscating the server field for HTTP response headers I'm sending out.

Would this prevent hackers from determining which webserver I'm using, and therefore make it more difficult to locate an exploitable crack in my security?


It'll fool some bots, but a human attacker isn't going to care that you're not advertising your server's minor version in headers. There is value in bot dodging, but it's pretty limited.

If you're looking to do this, make sure you aren't presenting full version information on error pages, either (the ServerSignature directive, for example, in Apache).


No. They'll just either figure out the server using other quirky behavior or they'll try all exploits for all servers.

Related

Can I use SSH tunnels as a VPN substitute?
What differences are between IIS 7.0 and IIS 7.5?
Database scalability with write-heavy application
Configure Windows firewall blocking behaviour
sed search line and replace only text in that line
IIS7.5 - prevent recycling when changing default document
SSH: How to start a process that won't end after system reboot?
/etc/passwd continually accessed
Dell PowerEdge t710 virtualization suggestions
Why is dropping an index on MyISAM table so slow?
Cutting down network noise on an industrial control network
Possible to use grep simply for finding files in a directory structure?