hankknight asked:
Apache: Remove Server Signature from Headers

I do not want my Apache server to return this header:
Server: Apache/2.2.8 (EL)

I placed this line in my httpd.conf file, but the Server Signature is still passed in a header:
ServerSignature Off

How can I remove that header from my httpd.conf file?
jessc7:

Try ServerTokens Prod
hankknight (asker):
No, that does not work.

It still sends this header:
Server: Apache

Look at the link you sent.  It says:
ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache

I don't want any Server header to be sent.
SOLUTION by Dave Baldwin (members-only)
Is it really impossible to remove the Apache header? Isn't there some sort of module or hack for this?
ASKER CERTIFIED SOLUTION (members-only)
It looks like ModSecurity/SecServerSignature could be used to change the server header but not to remove it.
Is there any way to do this with mod_headers?
ServerSignature doesn't control the headers. It controls what is added at the bottom of directory listing pages.

I don't recommend removing that header completely (I, for one, like to be able to easily tell what type of web server is being used). However, "Header unset Server" may do what you want.

http://httpd.apache.org/docs/2.1/mod/mod_headers.html#header
http://httpd.apache.org/docs/2.1/mod/core.html#serversignature
Kravimir, I guess the Apache httpd server was created by people who share your philosophy.

"Header unset Server" does NOT remove the Server header.

It can be used to remove these headers:
Last-Modified
Etag

But it won't remove the Server header.
The internet was created mostly by people who didn't have anything to hide.  Security concerns over the years have caused people to limit what they reveal.  Most websites do list the server they're running on.  Notable exceptions are Google and Facebook.  Bing only lists some of the servers and Amazon lists some as just 'Server'.  Experts Exchange is running "Apache/Coyote" which I think refers to the use of Java and Tomcat.

The more you hide, the more likely people are to wonder what you have to hide.
Why not use ModSecurity and change it to a blank value?
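An added check, not code from this thread: a small Python classifier for raw HTTP responses that reports whether the Server header is absent, blank (the ModSecurity blank-value idea), product-only (what ServerTokens Prod gives) or still carrying a version. The sample responses are constructed to mirror the values quoted in the thread.

```python
import re
from typing import Optional

# A version is present when the value has "product/digit" or a dotted number,
# e.g. "Apache/2.2.8 (EL)". "Apache/Coyote" has no digit and counts as product.
_VERSION_RE = re.compile(r"/\d|\d+\.\d+")


def server_header(raw_response: bytes) -> Optional[str]:
    """Return the Server header value from a raw HTTP response, or None.

    Only the header block (before the first blank line) is examined; the
    header name is matched case-insensitively, as HTTP requires.
    """
    text = raw_response.replace(b"\r\n", b"\n")
    head, _, _ = text.partition(b"\n\n")
    for line in head.split(b"\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None


def classify_server_header(raw_response: bytes) -> str:
    """Classify how much the Server header reveals.

    'absent'  - no Server header at all (what the asker wants)
    'blank'   - header present with an empty value (blank via ModSecurity)
    'product' - product name only, e.g. "Apache" (ServerTokens Prod)
    'version' - product plus version/OS, e.g. "Apache/2.2.8 (EL)"
    """
    value = server_header(raw_response)
    if value is None:
        return "absent"
    if value == "":
        return "blank"
    if _VERSION_RE.search(value):
        return "version"
    return "product"


# Constructed sample responses (not captured from a real server).
FULL_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (EL)\r\nContent-Type: text/html\r\n\r\n<html>"
PROD_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html>"
BLANK_RESPONSE = b"HTTP/1.1 200 OK\r\nserver:\r\nContent-Type: text/html\r\n\r\n<html>"
NO_SERVER_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"

if __name__ == "__main__":
    for label, sample in [("full", FULL_RESPONSE), ("prod", PROD_RESPONSE),
                          ("blank", BLANK_RESPONSE), ("none", NO_SERVER_RESPONSE)]:
        print(f"{label:5s} -> {classify_server_header(sample)}")
```

Feed it the raw bytes of a response to your own server (for example what `curl -si` prints) to confirm which of the four states a configuration change actually produced.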
SOLUTION (members-only)