When developing a website with the XAMPP web server, it’s important to hide Apache server version is a crucial security step for your web security.
While XAMPP is not recommended for a live production server due to its many vulnerabilities, some situations may require its use.
So, why is it necessary to hide the Apache server version in XAMPP? And how can you do it on both Windows and Linux? Here’s a complete guide.
Table of Contents
Why Should You Hide Apache Server Version in HTTP Response Header?
The Apache server version in XAMPP is easily visible by using your browser’s “inspect element” tool, as shown here:
Each server version has its own specific weaknesses. Knowing the exact version makes it much easier to map out security vulnerabilities on any website that uses it.
In other words, by revealing your server type and version, you are giving potential attackers a roadmap to its security flaws.
Therefore, you should configure your server to not display this version information by default. But how do you hide the XAMPP Apache version?
2 Ways to Hide Apache Server Version in XAMPP
This section explains how to hide the Apache server version in XAMPP on both Windows and Linux Ubuntu.
a. Hiding the Server Version on Windows
If you have XAMPP installed on Windows, follow these steps to hide your Apache server version:
- Open the XAMPP Control Panel. In the row for the Apache module, click the Config button.
- Open the Apache configuration file, Apache (httpd.conf).
- Add the following directives to the httpd.conf file:
ServerTokens Prod ServerSignature Off
- You can place this script at the very bottom of the file.
- Save the file and then Restart Apache.
- Visit your website again and inspect the server version. If the version details are no longer visible, as shown below, you have successfully hidden them.
b. Hiding the Server Version on Linux (Ubuntu)
If you have XAMPP installed on Linux Ubuntu, follow these steps to hide the Apache server version:
- Run XAMPP on Linux to open the control panel window.
- Navigate to the Manage Servers tab, select Apache Web Server, and click Configure.
- In the Configure Apache Web Server window, click Open Conf File. Click Yes on the confirmation pop-up.
- Once the httpd.conf file is open, copy and paste the following directives into it:
ServersTokens Prod ServerSignature Off
- You can place this script at the very bottom of the file.
- Save the file and Restart Apache.
- Visit your website again to check the server version.
Have You Successfully Hidden Your XAMPP Apache Server Version?
Hiding your XAMPP Apache server version is an important step in enhancing your website’s security.
Website security is crucial, especially for large corporations and government institutions. If you feel uncertain about your website’s security system, don’t hesitate to consult with professional web development services like Tonjoo.
By taking these precautions, you can prevent the risk of breaches, such as attacks that exploit vulnerabilities discoverable through methods like Google Dorking.
Read similar articles by Moch. Nasikhun Amin on the Tonjoo blog about WordPress, WooCommerce, plugins, and other web development topics.
Updated on August 18, 2025 by Moch. Nasikhun Amin
