Hide Server Banner and Product Info from HTTP Header


Probably one of the first tasks to do while setting up the production environment is to mask the Apache (or) IHS (IBM HTTP Server) version and Server Banner in a header. This is not critical but considered low risk as information leakage vulnerability and must do for PCI DSS compliant application.


Affected versions

IHS 7.x

IHS 8.x

Apache HTTPD Servers



  • Login to Apache or IHS server
  • Take a backup of the configuration file
  • Add the following three directives in httpd.conf file of your IHS (or) Apache HTTPD


AddServerHeader Off
ServerTokens Prod
ServerSignature Off
  • Save the file and restart the IHS or HTTPD



Follow me on Linkedin My Profile
Follow DevopsJunction onFacebook orTwitter
For more practical videos and tutorials. Subscribe to our channel

Buy Me a Coffee at ko-fi.com

Signup for Exclusive "Subscriber-only" Content