# Web Server Fingerprinting Analyzer PRO
| Category | Severity | Time To Fix |
|---|---|---|
| 🛡️ Security | Minor | 5 minutes |
Class: Enlightn\EnlightnPro\Analyzers\Security\WebServerFingerprintingAnalyzer
# Introduction
This analyzer checks whether your web server exposes its version information. Exposing this information is not a vulnerability in itself, but revealing the vendor and version can help attackers target unpatched web servers. This is called web server fingerprinting.
To verify whether your web server exposes this information, you can make a simple curl request like so:

```bash
curl -I -L https://myapp.com
```
Look for the "Server" header. If it exposes the vendor (Nginx or Apache) and its version, attackers may use this information to exploit vulnerabilities if your web server is running an older, unpatched version.
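The manual check above can be scripted. The following is an added example, not Enlightn's own code: it reads the headers printed by `curl -sI -L` and lists every redirect hop whose Server header carries a version, since `-L` prints one header block per hop. The function name and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Enlightn's code. Function name and sample data are constructed.
# Against a live site:  curl -sI -L https://myapp.com | versioned_server_headers

# Reads raw response headers on stdin and prints each Server header value that
# discloses a version, prefixed with the redirect hop it came from.
versioned_server_headers() {
    tr -d '\r' | awk '
        # Each status line starts a new header block (one per redirect hop with -L).
        $0 ~ "^HTTP/" { hop++; next }
        # Header names are case-insensitive (HTTP/2 sends them in lowercase).
        tolower($0) ~ "^server:" {
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)
            # "product/1.2.3" tokens reveal the version; a bare "nginx" does not.
            if (value ~ "/[0-9]") printf "hop %d: %s\n", hop, value
        }
    '
}

# Constructed sample: the redirect hop leaks a version, the final response does not.
SAMPLE_HEADERS='HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Location: https://myapp.com/

HTTP/2 200
server: nginx
content-type: text/html; charset=UTF-8
'

findings=$(printf '%s\n' "$SAMPLE_HEADERS" | versioned_server_headers)
if [ -n "$findings" ]; then
    printf 'Version disclosed:\n%s\n' "$findings"
else
    echo "No version found in any Server header."
fi
```

Checking every hop matters when a redirect is answered by a different server than the one that serves the final page.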
# How To Fix
# CDN
If you use a reverse proxy CDN such as Cloudflare, there may be options to configure the CDN to hide or alter the Server header.
# Nginx
For Nginx, you can disable the server version using the server_tokens directive like so:

```nginx
server_tokens off;
```
# Apache
For Apache, you can disable the server version using the ServerTokens directive like so:

```apache
ServerTokens Prod
```