Server
Server 標頭描述處理請求的伺服器軟體資訊:也就是產生回應的伺服器資訊。
請避免 Server 值的資訊過度冗長與詳盡,因為它們可能會洩漏實做細節、讓攻擊者容易找到已知安全漏洞並利用之。
語法
Server: <product>
指令
- <product>
- 處理請求的軟體(或組件)名。語法通常與
User-Agent相似。
How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with Content-Encoding (en-US) combined with Range (en-US).
示例
Server: Apache/2.4.1 (Unix)
規範
| Specification |
|---|
| Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content # header.server |
瀏覽器相容性
BCD tables only load in the browser