Please wait while we load your page...


Latest Version [8.00202205221] Last Updated [May-22-2022]

Webmaster Tutorials

Definition [Disable Apache Web Server Signature]

Protect Your Website Today

Disable Apache Web Server Signature

Whenever Apache web server returns a page, it outputs the web server signature (e.g., Apache version number and operating system info): in the HTTP Response Header, and at the bottom of the default server error pages.

Revealing web server signature can be a security risk as you are essentially telling hackers known vulnerabilities of your system. Thus it is recommended you disable or turn off all web server signatures as part of server hardening process. To disable, you can try adding the following to your top .htaccess file:

ServerSignature Off

Note that on some servers to make it work, you may need to add to the server config file (apache2.conf or httpd.conf, depending on web server type), and then restart the web server. You will require root SSH access, and *nix expertise to do this. Otherwise, ask your web host to do it.

You can use our HTTP Response Sniffer to check your web server signature.

Random Security Blog Articles

PasswordSentry :: Security Blog ArticleThe online voting glitches in Ontario’s recent municipal elections show it’s time to develop nationwide guidelines and standards for online voting in Canada. (Shutterstock) Nicole Goodman, Brock University and Aleksander Essex, Western University A political scientist and a … Read More
PasswordSentry :: Security Blog ArticleYour phone could soon replace your passwords. Xavier Lorenzo/Moment via Getty Images Sayonnha Mandal, University of Nebraska Omaha Passwords could soon become passé. Effective passwords are cumbersome, all the more so when reinforced by two-factor authentication. But the need … Read More
PasswordSentry :: Security Blog ArticleIf your gut says something is off about an email message, stop and investigate. Jose Luis Pelaez Inc/DigitalVision via Getty Images Rick Wash, Michigan State University An employee at MacEwan University got an email in 2017 from someone claiming … Read More

Live Chat Offline