Server

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

The Server header describes the software used by the origin server that handled the request and generated a response.

The benefits of advertising the server type and version via this header are that it helps with analytics and identifying how widespread specific interoperability issues are. Historically, clients have used the server version information to avoid known limitations, such as inconsistent support for range requests in specific software versions.

Warning: The presence of this header in responses, especially when it contains fine-grained implementation details about server software, may make known vulnerabilities easier to detect.

Too much detail in the Server header is not advised for response latency and the security reason mentioned above. It's debatable whether obscuring the information in this header provides much benefit because fingerprinting server software is possible via other means. In general, a more robust approach to server security is to ensure software is regularly updated or patched against known vulnerabilities instead.

Header type Response header
Forbidden header name no

Syntax

http
Server: <product>

Directives

<product>

A name of the software or the product that handled the request. Usually in a format similar to User-Agent.

Examples

http
Server: Apache/2.4.1 (Unix)

Specifications

Specification
HTTP Semantics
# field.server

Browser compatibility

BCD tables only load in the browser

See also