Server

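The Server header describes the server software that handled the request: that is, the server that generated the response.

Avoid overly long and detailed Server values, because they can reveal implementation details and make it easier for attackers to find and exploit known security vulnerabilities.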

Header type: Response header
Forbidden header name

Syntax

Server: <product>

Directives

<product>
The name of the software (or component) that handled the request. The syntax is usually similar to that of User-Agent.

How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with Content-Encoding combined with Range.

Examples

Server: Apache/2.4.1 (Unix)
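
A small audit helper for the advice above, as an added example that is not part of the original page: it parses a Server value with the product/comment grammar from RFC 7231 and reports the version numbers and platform comments it exposes. The names parse_server and audit_server, and every sample value other than the page's own, are assumptions made for this illustration.

```python
import re

# RFC 7231 grammar: Server = product *( RWS ( product / comment ) )
# product = token ["/" product-version]; comment = "(" ... ")"
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PART = re.compile(
    rf"\s*(?:(?P<name>{TOKEN})(?:/(?P<version>{TOKEN}))?|\((?P<comment>[^()]*)\))"
)


def parse_server(value):
    """Split a Server field value into products and comments.

    Returns ("product", name, version_or_None) and ("comment", text, None)
    tuples; raises ValueError on malformed input. Simplifications for this
    example: nested comments are rejected and whitespace between parts is
    not strictly required.
    """
    parts, pos = [], 0
    value = value.strip()
    while pos < len(value):
        m = PART.match(value, pos)
        if not m:
            raise ValueError(f"malformed Server value at offset {pos}: {value!r}")
        if m.group("name"):
            parts.append(("product", m.group("name"), m.group("version")))
        else:
            parts.append(("comment", m.group("comment"), None))
        pos = m.end()
    if not parts or parts[0][0] != "product":
        raise ValueError("Server value must start with a product")
    return parts


def audit_server(value):
    """Return findings for details a hardened deployment would usually omit."""
    findings = []
    for kind, text, version in parse_server(value):
        if kind == "product" and version:
            findings.append(f"version disclosed: {text}/{version}")
        elif kind == "comment":
            findings.append(f"platform comment disclosed: ({text})")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the first is the example from this page.
    for sample in ("Apache/2.4.1 (Unix)", "Apache", "nginx/1.0.0 mod_x/2.0"):
        print(f"{sample!r}: {audit_server(sample) or 'no detail exposed'}")
```
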

Specifications

Specification: RFC 7231, section 7.4.2: Server
Title: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content


See also