Package: apache2
Version: 2.4.23-5
Severity: wishlist

Dear maintainer,

/etc/apache2/conf-available/security.conf currently defaults to

ServerTokens OS

This results in a header like:

Server: Apache/2.4.10 (Debian)

Sending the Apache and OS version is a waste of bandwidth. Unfortunately, Apache does not allow this superfluous header to be suppressed completely.

Furthermore, the current setting exposes valuable information to a possible intruder: Why should any HTTP client care which OS my server is using?

Please change the default to

ServerTokens Minimal

Best regards

Heinrich Schuchardt

