== Recommended Secure Coding Practices

In general, it is recommended to keep internal technical information within
internal systems to control what attackers know about the underlying
architectures. This is known as the "need to know" principle.

The most effective solution is to remove version information disclosure from
what end users can see, such as the "x-powered-by" header. +
This can be achieved directly through the web application code, server (nginx,
apache) or firewalls.

Disabling the server signature provides additional protection by reducing the
amount of information available to attackers. Note, however, that this does not
provide as much protection as regular updates and patches. +
Security by obscurity is the least foolproof solution of all. It should never
be the only defense mechanism and should always be combined with other security
measures.