Blog / 2013 / March / 4

Hiding Tomcat Server Name

March 4, 2013

It is a good idea, for security reasons, if your webserver does not report its type or version number in http headers and error messages.

To turn off reporting of Tomcat's server version, add server="Server Name To Show" in the tomcat Connector:

<Connector port="8080"
           server="Apache" />  <!-- server header is now Apache -->

References

Tags: tomcat security