# Web Server Fingerprinting Analyzer PRO

| Category | Severity | Time To Fix |
| --- | --- | --- |
| 🛡️ Security | Minor | 5 minutes |

Class: Enlightn\EnlightnPro\Analyzers\Security\WebServerFingerprintingAnalyzer

# Introduction

This analyzer checks whether your web server exposes its version information. Exposed version information is not a vulnerability in itself, but revealing the vendor and version can help attackers target unpatched web servers. This is called web server fingerprinting.

To verify if your web server exposes this information, you can make a simple curl request like so:

```sh
curl -I -L https://myapp.com
```

Look for the "Server" header. If it exposes the vendor (Nginx or Apache) and its version, attackers may use this information to exploit vulnerabilities if your web server is running an older, unpatched version.
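The manual check above can be scripted so that every redirect hop printed by `curl -L` is inspected, not only the first `Server` line. This is an added example, not Enlightn's own analyzer code: the function names are hypothetical, the sample headers are constructed, and the "letter, slash, digit" pattern is an assumed heuristic for a product/version token.

```sh
#!/bin/sh
# Added example: flag Server headers that disclose a version number.
# Function names are hypothetical; sample_headers is constructed test data.

# Constructed output of `curl -sI -L`: one header block per redirect hop.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Location: https://www.myapp.com/

HTTP/2 200
server: nginx
content-type: text/html

EOF
}

# Print the value of every Server header on stdin, one per line.
# Header names are matched case-insensitively (HTTP/2 responses show them
# in lowercase) and the trailing CR of each header line is removed.
server_values() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print }'
}

# Print only values carrying a product/version token such as nginx/1.18.0.
# Exit status: 0 = no version disclosed, 1 = at least one value discloses one.
versioned_server_values() {
    server_values | awk '
        /[A-Za-z]\/[0-9]/ { print; found = 1 }
        END { exit (found ? 1 : 0) }'
}

# Demo on the constructed sample; for a live check pipe in
#   curl -sI -L https://myapp.com
if leaked=$(sample_headers | versioned_server_values); then
    echo "OK: no Server header discloses a version"
else
    echo "Version disclosed in Server header: $leaked"
fi
```

In the constructed sample the final response is already vendor-only, but the redirect hop still reports a version, which a check limited to the last response would miss.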

# How To Fix

# CDN

If you use a reverse proxy CDN such as Cloudflare, there may be options to configure the CDN to hide or alter the Server header.

# Nginx

For Nginx, you can disable the server version using the server_tokens directive like so:

```nginx
server_tokens off;
```

# Apache

For Apache, you can disable the server version using the ServerTokens directive like so:

```apache
ServerTokens Prod
```
