z9hG4bK.orgSIPHeader Fields

Server

The Server header field allows a UAS to identify its software and version.

The Server header field is defined in RFC 3261.

Construction Summary

The Server header field consists of a list of product tokens and comments. Product tokens consist of two parts separated by a slash. The first part should be name of the software, the second part the version. A comment is UTF-8 text enclosed in parantheses.

Usage

The Server header field is optional in all responses. If present, it indicates the name and version of the software of the UAS. Since revealing this information may have security implications, it SHOULD be possible to configure use of this header field.

The Server header field is of no relevance for proxies.

References

Syntax and Semantics

RFC 3261, section 20.35 "Server"

The Server header field contains information about the software used by the UAS to handle the request.

Revealing the specific software version of the server might allow the server to become more vulnerable to attacks against software that is known to contain security holes. Implementers SHOULD make the Server header field a configurable option.

Example:

      Server: HomeServer v2
    

RFC 3261 is missing a reference to RFC 2616, where the Server header field is originally defined:

RFC 3261, section 14.38 "Server"

The Server response-header field contains information about the software used by the origin server to handle the request. The field can contain multiple product tokens (section 3.8) and comments identifying the server and any significant subproducts. The product tokens are listed in order of their significance for identifying the application.

Product Tokens

RFC 2616, section 3.8 "Product Tokens"

Product tokens are used to allow communicating applications to identify themselves by software name and version. Most fields using product tokens also allow sub-products which form a significant part of the application to be listed, separated by white space. By convention, the products are listed in order of their significance for identifying the application.

Examples:

      User-Agent: CERN-LineMode/2.15 libwww/2.17b3
      Server: Apache/0.8.4
    

Product tokens SHOULD be short and to the point. They MUST NOT be used for advertising or other non-essential information. Although any token character MAY appear in a product-version, this token SHOULD only be used for a version identifier (i.e., successive versions of the same product SHOULD only differ in the product-version portion of the product value).

ABNF

XXX Will follow

Excerpts from RFCs and Internet Drafts: Copyright © The Internet Society. All Rights Reserved.
All other material is copyrighted by the contributing authors and licensed to the public under the GNU Free Documentation License (GFDL).
For more information, please see the Copyright page.