Server header describes the software used by the origin server that handled the request — that is, the server that generated the response.
Server values, as they can reveal information that might make it (slightly) easier for attackers to exploit known security holes.
|Header type||Response header|
|Forbidden header name||no|
The name of the software or product that handled the request. Usually in a format similar to
How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with
Content-Encoding combined with
Server: Apache/2.4.1 (Unix)
|RFC 7231, section 7.4.2: Server||Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content|
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
|Chrome Full support Yes||Edge Full support 12||Firefox Full support Yes||IE Full support Yes||Opera Full support Yes||Safari Full support Yes||WebView Android Full support Yes||Chrome Android Full support Yes||Firefox Android Full support Yes||Opera Android Full support Yes||Safari iOS Full support Yes||Samsung Internet Android Full support Yes|
- Full support
- Full support