Server

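The Server header describes the software used by the server that handled the request, that is, the server that generated the response.

Avoid overly long and detailed Server values, as they can reveal implementation details and make it easier for attackers to find and exploit known security holes.

Header type Response header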
Forbidden header name

Syntax

Server: <product>

Directives

<product>
The name of the software (or component) that handled the request. The syntax is usually similar to that of User-Agent.

How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with Content-Encoding combined with Range.

Examples

Server: Apache/2.4.1 (Unix)
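
The following check is an added example, not part of the original page: it parses a Server value using the product/comment grammar of RFC 7231, section 7.4.2, and reports the version and comment details that the warning above advises against exposing. The function names and the ExampleServer sample value are constructed for illustration.

```python
import re

# RFC 7231 grammar: Server = product *( RWS ( product / comment ) )
# product = token [ "/" product-version ]; comment = "(" ... ")"
# Simplification (assumption): nested comments are rejected as malformed.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PART = re.compile(
    rf"\s*(?:(?P<name>{TOKEN})(?:/(?P<version>{TOKEN}))?|\((?P<comment>[^()]*)\))"
)


def parse_server(value):
    """Split a Server header value into (name, version) products and comments."""
    products, comments, pos = [], [], 0
    value = value.strip()
    while pos < len(value):
        m = PART.match(value, pos)
        if not m:
            raise ValueError(f"malformed Server value at offset {pos}: {value!r}")
        if m.group("comment") is not None:
            comments.append(m.group("comment"))
        else:
            products.append((m.group("name"), m.group("version")))
        pos = m.end()
    return products, comments


def audit_server(value):
    """Return findings for everything disclosed beyond bare product names."""
    products, comments = parse_server(value)
    findings = [f"version disclosed: {n}/{v}" for n, v in products if v]
    findings += [f"comment disclosed (often OS or build): {c}" for c in comments]
    return findings


# First value is the example from this page; the others are constructed.
SAMPLES = ["Apache/2.4.1 (Unix)", "Apache",
           "ExampleServer/1.2.3 examplemod/4.5 (ExampleOS)"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: {audit_server(s) or 'product names only'}")
```

An empty findings list means the value carries product names only, which is the least detailed form the syntax allows.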

Specifications

Specification: RFC 7231, section 7.4.2: Server
Title: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

Browser compatibility

Server header support, desktop:
Chrome: Full support (Yes)
Edge: Full support (12)
Firefox: Full support (Yes)
Internet Explorer: Full support (Yes)
Opera: Full support (Yes)
Safari: Full support (Yes)

Server header support, mobile:
Android webview: Full support (Yes)
Chrome for Android: Full support (Yes)
Firefox for Android: Full support (Yes)
Opera for Android: Full support (Yes)
Safari on iOS: Full support (Yes)
Samsung Internet: Full support (Yes)

See also