Many web servers include their exact software name and version number in every response (a Server header like nginx/1.18.0), which hands attackers a shortcut — they can look up known vulnerabilities for that specific version instead of probing blind.
Server and X-Powered-By headers hand attackers a head start — "Apache/2.4.49" or "PHP/7.2.3" tells them exactly which known vulnerabilities to try first. This information has no benefit to legitimate visitors.
Your response headers no longer reveal specific software version numbers.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →