risottobias, is removing server headers actually beneficial to #security, or is it #securitytheater?
e.g., removing the #mastodon server version
pros: for widely used software (like apache), knowing the exact version helps you narrow down exploits.
rebuttal: you know it's mastodon or #lemmy already.
cons: think like a user. Removing the server version means that users can't know that you've lapsed in updating the site.
transparency over obscurity.