Home/ Questions/Q 972369
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T03:06:49+00:00

My current application I am working on has following line at response fields: Server:

  • 0

My current application I am working on has following line at response fields:

Server: Microsoft-IIS/6.0

I feel embarrassed. I am thinking about writing http module to cloak this field. However am I little afraid that browsers use this value, in order to achieve maximum performance, to alter some aspects of http implementation. So what can go wrong?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    No, the Server field is purely informational, it does not concern the browser at all.

    The HTTP Protocol RFC 2616 does not specify any behavior associated with this field:

    14.38 Server

    The Server response-header field contains information about the software used by the origin server to handle the request. The field can contain multiple product tokens (section 3.8) and comments identifying the server and any significant subproducts. The product tokens are listed in order of their significance for identifying the application.

    It does note though:

    Revealing the specific software version of the server might
    allow the server machine to become more vulnerable to attacks
    against software that is known to contain security holes. Server
    implementors are encouraged to make this field a configurable
    option.

    • 0