HTTP Headers
Server
The HTTP Server
response header indicates the software used by the origin server that processed the request and generated a response.
Including this header can be beneficial for analytics and identifying how common certain interoperability issues are. Historically, clients have relied on the server version information to avoid known limitations, such as inconsistent support for range requests in specific software versions.
Providing excessive detail in the Server
header is generally discouraged due to potential impacts on response latency and security. While obscuring this information might seem advantageous, server fingerprinting can often be performed through other methods. A more effective security strategy involves regularly updating or patching server software against known vulnerabilities.
Syntax
Server: <product>
Directives
<product>
- A name of the software or the product that handled the request. Usually in a format similar to
User-Agent
.
Example
Server: Apache/2.4.1 (Unix)
How to Modify Header using Requestly
Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the Server header. This can help you test how your application or external services respond when the server header is changed or hidden. Steps to Modify the Server Header:
- Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
- Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
- Add a new header modification:
- Under “Action”, select “Add” or “Override”.
- In the “Header Name” field, enter Server.
- In the “Header Value” field, enter the desired server name or leave it blank to hide it.
- Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://your-api.com/*).
- Save the rule.
Once set up, Requestly will insert or replace the Server header in all matching requests, enabling you to test security measures or simulate different server environments. Modifying the Server header can help protect sensitive information about the server software you use, which attackers might exploit. It also lets developers simulate how different server setups behave when testing their applications.
Table of Contents
- No headings found.