Exposure · Check
Server header reveals version — hiding banners from attackers
When the `Server` response header includes a version string (e.g. `nginx/1.18.0`, `Apache/2.4.41`), it tells attackers exactly which CVEs to try first. Stripping the version doesn't fix vulnerabilities but it removes the free reconnaissance.
Why it matters
Mass-scanning bots prioritize hosts running known-vulnerable builds. A generic `Server: nginx` (no version) drops you out of those targeting lists and forces an attacker to fingerprint manually — a meaningful friction increase at zero cost.
Real-world risk
Version strings speed up targeted exploits and scanning; attackers prioritize known-vulnerable builds.
Fix steps (in order)
- Remove version numbers from the `Server` header at the proxy (nginx: `server_tokens off;`).
- Strip or replace at CDN / WAF if the origin leaks versions.
Verify the fix in 30 seconds
Run a Scorifya scan on the affected host after deploying the change. The same finding id (`server_banner_version`) clears once the version string is no longer externally observable.
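As an added example (not part of the Scorifya page or its scanner), a small Python check that parses a raw HTTP/1.x response header block and reports any versioned product tokens in the `Server` header; the before/after responses it runs over are constructed, not captured from a real host:

```python
import re
from typing import List

# Product tokens of the form name/version, e.g. "nginx/1.18.0" or
# "OpenSSL/1.1.1f". A bare "nginx" has no slash and is therefore not matched.
_VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.[\w-]+)*)")


def parse_headers(raw: str) -> dict:
    """Parse an HTTP/1.x response header block into a lower-cased
    name -> value dict. Stops at the blank line that ends the headers."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the status line
        if not line.strip():
            break                   # blank line: end of header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def leaked_versions(raw_response: str) -> List[str]:
    """Return every versioned product token in the Server header,
    e.g. ['Apache/2.4.41', 'OpenSSL/1.1.1f']; an empty list means the
    banner carries no version and the finding should clear."""
    server = parse_headers(raw_response).get("server", "")
    return [f"{name}/{ver}" for name, ver in _VERSION_TOKEN.findall(server)]


# Constructed sample responses (not from any real host).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f\r\n"
    "Content-Type: text/html\r\n\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        found = leaked_versions(resp)
        print(f"{label}: {'LEAKS ' + ', '.join(found) if found else 'clean'}")
```

Feed it the header block from `curl -sI https://host/` to check a deployed origin or CDN edge; any non-empty result is the same signal the scanner keys on.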