Server Signature Checker

Check if your server's signature is ON. A server signature is the public identity of your web server and contains sensitive information that could be used to exploit any known vulnerability. Turning your server signature OFF is considered a good security practice to avoid disclosure of what software versions you are running.




How to fix it?

By default, the Apache web server sends HTTP headers containing information about your server version, operating system, installed modules, etc. This information can be used by hackers to exploit vulnerabilities (especially if you are running an older version). It can be hidden or changed with very basic configuration.

Open Apache's configuration file (httpd.conf or apache.conf) and search for ServerSignature. If you find it, edit it to:

ServerSignature Off
ServerTokens Prod

If you don't find it, just add these two lines at the end of the file.
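
To verify the change, the check below inspects a raw HTTP response for both disclosures: the Server header (controlled by ServerTokens) and the footer line Apache adds to server-generated pages such as error pages (controlled by ServerSignature). This is an added example, not this tool's own code; the function names and the sample responses, including the version string, are constructed for illustration.

```python
import re

# Footer Apache appends to server-generated pages when ServerSignature is On.
SIGNATURE_RE = re.compile(r"<address>(.*?) Server at \S+ Port \d+</address>", re.I | re.S)
TOKEN_RE = re.compile(r"^[A-Za-z][\w-]*(?:/(?P<version>[\d.]+))?(?P<rest>.*)$")

def classify_server_header(value):
    """Return the ServerTokens level (Prod..Full) a Server header value matches."""
    m = TOKEN_RE.match(value.strip())
    if not m:
        return "Unknown"
    version, rest = m.group("version"), m.group("rest").strip()
    if version is None:
        return "Unknown" if rest else "Prod"
    if rest:
        # A lone "(OS)" comment is the OS level; module tokens after it mean Full.
        return "Full" if re.sub(r"^\([^)]*\)", "", rest).strip() else "OS"
    return {1: "Major", 2: "Minor"}.get(len(version.split(".")), "Min")

def audit(raw_response):
    """List version disclosures found in one raw HTTP response (headers + body)."""
    head, _, body = raw_response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    server = headers.get("server")
    if server is not None and classify_server_header(server) != "Prod":
        findings.append(f"Server header ({classify_server_header(server)}): {server}")
    sig = SIGNATURE_RE.search(body)
    if sig:
        findings.append(f"ServerSignature footer: {sig.group(1)}")
    return findings

# Constructed sample responses: an error page before and after the two-line fix.
BEFORE = ("HTTP/1.1 404 Not Found\r\n"
          "Server: Apache/2.4.41 (Ubuntu)\r\n"
          "Content-Type: text/html\r\n\r\n"
          "<h1>Not Found</h1><hr>\n"
          "<address>Apache/2.4.41 (Ubuntu) Server at example.com Port 80</address>")
AFTER = ("HTTP/1.1 404 Not Found\r\n"
         "Server: Apache\r\n"
         "Content-Type: text/html\r\n\r\n"
         "<h1>Not Found</h1>")

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(resp) or "no version disclosure")
```

Apache must be restarted or reloaded before the new settings appear in responses, and an error page is the useful thing to test because that is where the signature footer shows up.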