Whenever Apache2 web server returns a page, it outputs the web server signature (e.g., Apache version number and operating system info): in the HTTP Response Header, and at the bottom of the default server error pages.
Revealing web server signature can be a security risk as you are essentially telling hackers known vulnerabilities of your system. Thus it is recommended you disable or turn off all web server signatures as part of server hardening process. To disable, you can try adding the following to your top .htaccess file:
Note that on some servers to make it work, you may need to add to the server config file (apache2.conf or https.conf, depending on web server type), and then restart the web server. You will require root SSH access, and *nix expertise to do this. Otherwise, ask your web host to do it.
Last Revised: 2015-08-29