Server

The HTTP Server response header indicates the software that is being used on the origin server.

Usage

The HTTP Server response header is sent by the server to inform the client about the type of software that handled the HTTP request. The only directive is the product, which is similar in format to the HTTP User-Agent that is supplied by the client during a HTTP request.

Normally, this HTTP header is intentionally vague. This is done to avoid pointing out specifics that an attacker might use to exploit a known vulnerability, perhaps in a specific version of the operating system. That said, it is helpful to give enough information, such as the version number of the web server so that browsers can work around known bugs.

Some web servers, such as Nginx, allow you to remove or customize the HTTP Server header.

Example

Response

Server: nginx

Takeaway

The HTTP Server header is used to inform the client concerning the software that the server is running. This is intended to allow clients to best render pages based on information that they have about the server.

See also

Last updated: June 20, 2022