Server Tokens is currently set to Product Only (e.g. “Apache”) on my server though I want to outright disable that header. It serves no purpose for my clients or I and only serves to let potential threats be aware of what to expect on the server. Please implement an option to outright disable this header.
The Apache web server doesn't provide a way to disable or turn off this header.
Some discussion: Can't remove Server: Apache header
The Stackoverflow page outlines some options.
Some discussion: Can't remove Server: Apache header
The Stackoverflow page outlines some options.
Basically the header exists and is forced by Apache because of statistics in regards to Nginx. So effectively unless we compile our own copy of Apache the header will continue to be forced by Apache.
Pure speculation: it sounds like it's not just a recompile; one needs to make a change to the httpd source code before recompile. And that change will need made every time httpd gets an update.