It is worth noting that it is sometimes not advisable to provide details in the Server: field. Crackers are known to use this information to identify vulnerabilities unique to the HTTP server or host OS based on version information.

On Fri, 2 Mar 2007, Henrik Nordstrom wrote:

> Fri 2007-03-02 at 00:21 +0100, Nicolas Krebs wrote:
> > I wish to know which data are allowed in Server: header-field (HTTP 1.1).
> > May I put in an HTTP response "Server: Apache Plone Zope Python"?
>
> Yes, if you like to. But you should try to make sure to use the official
> names for each product, possibly with a /version component.
>
> > Does "the software used by the origin server to handle the request" include or
> > allow each software involved in the answer?
>
> You may add tokens for any software component you consider may be
> significantly relevant for how the request was processed and the answer
> was generated.
>
> The main reason for publishing software details like this is to allow the
> server software to be identified, making it easier to diagnose problems.
>
> Regards
> Henrik

Received on Friday, 2 March 2007 05:02:13 GMT
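As an added example (not part of the original messages): a small Python check that splits a Server: value into the product tokens discussed above and reports which ones carry a /version component, the detail the reply advises against exposing. The function names and the versioned sample value are constructed for illustration; quoted-pair escapes inside comments are not handled.

```python
import re

# RFC 2616 "token" characters: anything except CTLs and separators.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")


def strip_comments(value):
    """Split a header value into (text without comments, list of comments).

    Comments are parenthesised and may nest, e.g. "(Debian (etch))".
    """
    out, comments, current, depth = [], [], [], 0
    for ch in value:
        if ch == "(":
            depth += 1
            if depth == 1:          # start of a top-level comment
                current = []
                continue
        elif ch == ")" and depth:
            depth -= 1
            if depth == 0:          # end of a top-level comment
                comments.append("".join(current))
                out.append(" ")
                continue
        (current if depth else out).append(ch)
    if depth:                        # unterminated comment: keep what we saw
        comments.append("".join(current))
    return "".join(out), comments


def audit_server_header(value):
    """List the product tokens in a Server: value and flag versioned ones."""
    text, comments = strip_comments(value)
    products = [(name, version or None) for name, version in PRODUCT.findall(text)]
    return {
        "products": products,
        "versioned": [name for name, version in products if version],
        "comments": comments,        # comments often name the host OS
    }


if __name__ == "__main__":
    # First value is the one asked about in the thread; second is constructed.
    for sample in ("Apache Plone Zope Python",
                   "Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4"):
        print(sample, "->", audit_server_header(sample))
```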