Bug#843014: Apache2: ServerTokens Minimal
/etc/apache2/conf-available/security.conf currently defaults to
This results in a header like:
Server: Apache/2.4.10 (Debian)
Sending the Apache and OS version is a waste of bandwidth.
Unfortunately Apache does not allow to completely suppress this
Furthermore the current setting exposes valuable information to a
Why should any HTTP client care which OS my server is using?
Please, change the default to