When a browser send a request to an apache web server, apache will send back the response data as well as response headers. You can check what kind of headers are send back with curl command.
$ curl -I http://mysite/
or if the site is on https
$ curl -Ik https://mysite/
Date: Mon, 07 Dec 2015 10:12:52 GMT Server: Apache X-Powered-By: Phusion Passenger (mod_rails/mod_rack) X.X.XX Cache-Control: no-cache
As you can see that from the response header the site is hosted using Apache server with Phusion Passenger version X.X.XX . If there is any vulnerability issue with the version of Passenger then this kind of information exposed is vital. In order to hide this information you need to use apache’s Headers module.
For Ubuntu systems by default headers module is not enabled.
First of all you need to create a file called headers.conf under /etc/apache2/mods-available directory with the following contents
<IfModule mod_headers.c> Header unset X-Powered-By Header always unset X-Powered-By </IfModule>
Enable the headers module and restart apache with
# a2enmod headers # service apache2 restart
If you now execute the curl command as described above you will not see the X-Powered-By header.