I want to know how to remove the Server header completely that apache sends in the response.
Initially, it was showing full server info like Server: Apache (Ubuntu 14.04) in the response headers.
But I read somewhere to add this in apache2.conf
ServerTokens ProductOnly
ServerSignature Off
It didn't remove the header but only changed it to Server: Apache
I even tried from PHP to remove that header with header_remove('Server');. But still no luck.
So, I want to remove that completely.
Thanks,
PS: if it's possible to change the value to a fake value for eg: Server: Microsoft-IIS/8.0 then it is fine too.
The server ID/token header is controlled by "ServerTokens" directive (provided by mod_core). Aside from modifying the Apache HTTPD source code, or using mod_security module, there is no other way to fully suppress the server ID header.
With the mod_security approach, you can disable all of the module's directives/functions in the modsecurity.conf file, and leverage only the server header ID directive without any additional "baggage." (c) Chipster