Server
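The Server header describes the server software that handled the request, that is, the server that generated the response.
Avoid overly long and detailed Server values, because they can leak implementation details and make it easier for attackers to find and exploit known security vulnerabilities.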
Header type | Response header |
---|---|
Forbidden header name | no |
Syntax
Server: <product>
Directives
- <product>
- The name of the software (or component) that handled the request. The syntax is usually similar to User-Agent.
How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with Content-Encoding combined with Range.
Examples
Server: Apache/2.4.1 (Unix)
Specifications
Specification | Title |
---|---|
RFC 7231, section 7.4.2: Server | Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content |