Web Server Default Banners

Web server default banners are when web servers like Apache, Nginx, and others are configured to show their server type, version number, and operating system. Hackers can use a simple method to get this information. This information is sent in the headers of the HTTP request and looks like this:

HTTP/1.1 200 OK
Date: Thu, 12 Jun 2014 14:15:01 GMT
Server: Apache/2.2.21 (Win32) PHP/5.4.7
Connection: close
Content-Type: text/html; charset=iso-8859-1

Malicious hackers can use this information to launch targeted attacks on your website. Your webserver should have these banners turned off.

Turn off banners on Apache

Changing the following configuration in the httpd.conf file will turn off the version number:

ServerTokens Prod


ServerSignature Off

Turn off banners on Nginx

You can limit the information that Nginx presents by creating/editing the following directive in nginx.conf. Find the http section, which defines configurations for the HttpCoreModule. Uncomment (remove the # symbol) or add the following directive:

erver_tokens off;

Turning off the default web banners helps mask the server and version number of your current webserver. This gives malicious hackers less information to work with and keeps you safer.

Talk to a Progress Coordinator to see how they can help secure your site

Jacob Billings
PhD Candidate - Complex Systems

I am a software engineer, linguist, and researcher of Complex Systems. I hold a bachelor's degree in Middle Eastern Studies from the University of Utah, a Master’s degree in linguistics from Francisco Marroquín University in Guatemala City, and I am a doctoral candidate in Complex Systems at the Polytechnic University in Madrid, Spain.

Software Development: I bring over 20 years of experience in developing software for multiple clients in various environments. I have a solid knowledge of PHP, Javascript, MySQL, NoSQL, Python, and Java.

Over my career, I have had the opportunity to work on projects for some of the most recognized brands on the planet. Brands like Marriott Hotels, Microsoft, Ashland Chemical, Capital One Credit Cards, Cadbury Schweppes, GE and more. This has given me an in-depth understanding of my client's challenges as they grow. I know how to get a company from startup to maturity with technology. My specialties are in E-commerce(specifically Magento), process automation, and security.