Web Server Fingerprinting Analyzer PRO

Category	Severity	Time To Fix
🛡️ Security	Minor	5 minutes

Class: Enlightn\EnlightnPro\Analyzers\Security\WebServerFingerprintingAnalyzer

Introduction

This analyzer checks whether your web server exposes its version information. Exposed information is not a vulnerability in itself but can assist attackers in exploiting un-patched web servers by exposing the vendor and version. This is called web server fingerprinting (opens new window).

To verify if your web server exposes this information, you can make a simple curl request like so:

curl -I -L https://myapp.com

Look for the "Server" header. If it exposes the vendor (Nginx or Apache) and its version, attackers may use this information to exploit vulnerabilities if your web server is using an older un-patched version.

How To Fix

CDN

If you use a reverse proxy CDN such as Cloudflare, there may be options to configure the CDN to hide or alter the Server header.

Nginx

For Nginx, you can can disable the server version using the server_tokens directive (opens new window) like so:

server_tokens off;

Apache

For Apache, you can disable the server version using the ServerTokens directive (opens new window) like so:

ServerTokens Prod

References

• OWASP Guide on Web Server Fingerprinting (opens new window)
• Introduction to Web Server Fingerprinting (opens new window)
• How To Configure Your Web Server to Not Disclose Its Identity (opens new window)