Hi there,
just would like to add my opinion.
First of all,
thank you Stefan for tagging this as "wontfix".
To be honest, for myself these tokens are essential for debugging
customer appliances without having access to their services. We're able
to identify their server software easily through these headers and are
able to provide proper support services to them.
Further they're enabling us to gather simple statistical information
throughout our monitoring.
Further, normal users are able to gather simple information by a simple
nmap scan of their server which services are running on it if they're
unexperienced in usage.
Some tutorials rely on these headers and if we wouldn't have them
anymore, we couldn't use them also properly anymore. Just google abit
and you'll find one quite fast.
All in all, they're quite nice to have.
If anyone feels annoyed of them, they're able to turn it of.
I don't think we should remove it by default. As Stefan already
mentioned they could be a security issue - but as a black hat you could
gather the server information anyway quite fast if youre experienced
enough.
Best wishes,
Anna Sdvoijspa
