Server
Server 標頭描述處理請求的伺服器軟體資訊:也就是產生回應的伺服器資訊。
請避免 Server 值的資訊過度冗長與詳盡,因為它們可能會洩漏實做細節、讓攻擊者容易找到已知安全漏洞並利用之。
| 標頭類型 | Response header (en-US) |
|---|---|
| Forbidden header name (en-US) | 否 |
語法
Server: <product>
指令
- <product>
- 處理請求的軟體(或組件)名。語法通常與
User-Agent相似。
How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with Content-Encoding (en-US) combined with Range (en-US).
示例
Server: Apache/2.4.1 (Unix)
規範
| 規範 | 標題 |
|---|---|
| RFC 7231, section 7.4.2: Server | Hypertext Transfer Protocol (HTTP/1.1):語意化及內容 |
瀏覽器相容性
BCD tables only load in the browser