Fix guide · low · server_version_leak
Server header includes version number
What this rule means
The Server: response header contains version digits, e.g., Apache/2.4.41.
Why it matters
Same risk as X-Powered-By: a disclosed version can be matched to known CVEs.
How to fix it
- Apache: ServerTokens Prod and ServerSignature Off in main config
- Nginx: server_tokens off;
- IIS: remove via URL Rewrite or HTTP headers settings
Or strip the header at your CDN / reverse proxy.
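To confirm the change took effect, the check below parses a raw response head and reports any product/version token left in the Server header. It is an added example, not vibecheck's own code; the regex, function names and sample responses are assumptions constructed for illustration.

```python
import re

# Assumption: a "version leak" is a product/version token whose version
# starts with a digit, e.g. Apache/2.4.41 (not vibecheck's actual rule).
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.-]*)")


def server_values(raw_head: str) -> list[str]:
    """Return every Server header value found in a raw HTTP response head."""
    values = []
    for line in raw_head.splitlines()[1:]:   # skip the status line (HTTP/1.1 ...)
        if not line.strip():
            break                            # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":   # header names are case-insensitive
            values.append(value.strip())
    return values


def leaked_versions(raw_head: str) -> list[tuple[str, str]]:
    """Return (product, version) pairs disclosed by the Server header."""
    found = []
    for value in server_values(raw_head):
        found.extend(VERSION_TOKEN.findall(value))
    return found


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "apache default": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n",
    "apache ServerTokens Prod": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    "nginx default": "HTTP/1.1 200 OK\r\nserver: nginx/1.18.0\r\n\r\n",
    "nginx server_tokens off": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "stripped at proxy": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        hits = leaked_versions(head)
        print(f"{label:26} {'LEAK ' + str(hits) if hits else 'ok'}")
```

Feed it the header block saved from your own deployment before and after the change; an empty result means no version token remains.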
Did vibecheck flag this on your app?
If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.