Tag Archives: HTTP Header

How to hide Nginx version number in headers and errors pages

In default Nginx configuration, the server sends HTTP Header with the information of Nginx version number of the Server. The HTTP response header “Server” displays the version number of the server. This information can be used by hackers to try to exploit any vulnerabilities in the Nginx, specially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Server: nginx/1.2.6 (Ubuntu)
Date: Wed, 31 Jul 2013 19:47:33 GMT

Read more »

How to hide apache information with ServerTokens and ServerSignature directives

In default Apache configuration, the server sends HTTP Header with the information of Apache version, modules, Operating System, etc of the Server. The HTTP response header “Server” displays all these details of the server. This information can be used by hackers to try to exploit any vulnerabilities in the Apache, OS or other modules you are running, specially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Date: Sun, 10 Feb 2012 07:24:47 GMT
Server: Apache/2.2.17 (Win32) PHP/5.2.17
Vary: Accept-Encoding,Cookie

Read more »

How to hide PHP version in the HTTP Headers

In default Apache/PHP configuration, the server sends HTTP Header with the information of which PHP version is running on the server. The HTTP response header “X-Powered-By” displays the version of PHP that is running on the server. This information can be used by hackers to try to exploit any vulnerabilities in the PHP version you are running, specially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Date: Sun, 04 Nov 2012 07:24:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,Cookie

Read more »

404 Error Page Best Practices

A 404 error page is the page that the user may reach due to various reasons. Some of the reasons are:

  • The user has entered / spelt the URL incorrectly.
  • The page has been moved or deleted.
  • The URL they clicked on was incomplete or cut in an email or message.

Read more »