There is no need to reveal this today. Long ago most daemons would advertise what they were and their version in the event clients might need to negotiate around specific behaviors, quirks or bugs.
In NGinx one can get rid of this without recompiling by adding the "nginx-mod-http-headers-more" module and adding to nginx.conf:
more_set_headers 'Server: IIS/4.0'; # or whatever
HAProxy and most load balancer daemons can filter out or replace the Server header. Apache requires a recompile to drop the Server header unless one puts HAProxy in front of it due to the order in how headers are processed. In HAProxy:
http-response set-header Server Silly
or
http-response del-header Server
After making changes one can scan their headers in SecurityHeaders [1] to see what has changed, or use curl:
curl --head https://some.tld/
As to why they still display this? Showing off in crawler stats who is dominate on the internet.
Here is a survey [1] from October of 2022 or just the graph [2] as that page has some odd CSS menus for me that block half of the page. This page uses an additional source. [3]
If I recall correctly: If you have control over the Apache server, you can install mod_security and use ServerTokens to unset headers. No need to recompile.
In NGinx one can get rid of this without recompiling by adding the "nginx-mod-http-headers-more" module and adding to nginx.conf:
HAProxy and most load balancer daemons can filter out or replace the Server header. Apache requires a recompile to drop the Server header unless one puts HAProxy in front of it due to the order in how headers are processed. In HAProxy: or After making changes one can scan their headers in SecurityHeaders [1] to see what has changed, or use curl: As to why they still display this? Showing off in crawler stats who is dominate on the internet.[1] - https://securityheaders.com/