Securing Apache, Tip #1: Minimize banner information

It's not a good idea to broadcast the versions of the software you're running, whether that is your Apache server or your favourite web development framework. While hiding them doesn't make your server any more secure, it may make you less of a target: many attacks come from people all over the world who don't know you at all and are simply scanning for potential targets, for instance by identifying your server signature with advanced search queries on search engines.

By default Apache adds its version number and some OS information to the Server header of every response, as shown below:

[Figure: response header with the default Apache banner, showing version and OS information]

This information lets an attacker quickly try a number of well-known vulnerabilities for that version of Apache.

Therefore, one of the first things you should do when setting up an Apache web server is add or edit these two directives in the httpd.conf file:

ServerSignature Off
ServerTokens Prod

The first one, ServerSignature Off, tells Apache not to display the server version on error pages or other pages it generates.

The second one, ServerTokens Prod, tells Apache to return only "Apache" in the Server header that is sent with every response.

With these two directives in place, this is what the response header will look like:

[Figure: response header after the change, with the Server header reduced to "Apache"]

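As an added example (not from the original post), here is a small POSIX shell script that checks both sides of this tip: whether a configuration fragment sets the two directives as recommended, and whether a captured response header still exposes more than the bare product name. The header dumps and configuration fragments below are constructed to match the "before" and "after" states described above; check_live is a hypothetical wrapper around curl -sI for running the same check against your own server.

```shell
#!/bin/sh
# Constructed sample data: what `curl -sI http://localhost/` might print
# before and after applying ServerSignature Off / ServerTokens Prod.
BEFORE_HEADERS='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html'

AFTER_HEADERS='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache
Content-Type: text/html'

# Constructed httpd.conf fragments: a weak one and the recommended one.
WEAK_CONF='ServerSignature On
ServerTokens Full'

HARDENED_CONF='# banner hardening
ServerSignature Off
ServerTokens Prod'

# Print the value of the Server header from a header dump read on stdin.
server_header() {
  awk -F': ' 'tolower($1) == "server" { sub(/\r$/, "", $2); print $2 }'
}

# Return 0 (true) when the Server header exposes more than the bare
# product name. "Apache" alone is what ServerTokens Prod produces; a
# missing header is treated as not leaking.
server_leaks_version() {
  value=$(printf '%s\n' "$1" | server_header)
  case "$value" in
    ""|Apache) return 1 ;;
    *)         return 0 ;;
  esac
}

# Return 0 when the config on stdin sets both directives as recommended.
# Comment lines are ignored; directive names are matched case-insensitively.
config_hardened() {
  awk '
    /^[ \t]*#/ { next }
    tolower($1) == "servertokens"    && tolower($2) == "prod" { tokens = 1 }
    tolower($1) == "serversignature" && tolower($2) == "off"  { sig = 1 }
    END { exit !(tokens && sig) }
  '
}

# Hypothetical live check: check_live http://your-server/
check_live() {
  server_leaks_version "$(curl -sI "$1")"
}

# Demo on the constructed data.
if server_leaks_version "$BEFORE_HEADERS"; then
  echo "before: version exposed in Server header"
fi
if ! server_leaks_version "$AFTER_HEADERS"; then
  echo "after: banner minimized"
fi
if printf '%s\n' "$HARDENED_CONF" | config_hardened; then
  echo "config: both directives set"
fi
```

On Debian and Ubuntu packages these directives usually live in /etc/apache2/conf-enabled/security.conf rather than httpd.conf; the check above works on whichever file holds them. Remember to reload Apache after editing, and re-run the live check, since a leftover directive later in the configuration can override the value you set.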