By default, when Apache serves an error page, it displays not only the error but also details of the machine's software environment, such as the Apache version, the PHP version, and so on. Is this a bit insecure?
vim /etc/apache2/conf.d/security
ServerTokens Prod
ServerSignature Off
With these settings, the system and Apache versions are no longer displayed, which is relatively secure.
ServerTokens sets the Apache version information returned in the HTTP header. It generally takes one of the following values, whose meanings are described below.
Prod: only the software name, such as Apache.
Major: includes the major version number, such as Apache/2.
Minor: includes the minor version number, for example, Apache/2.0.
Min: only the complete Apache version number, for example, Apache/2.0.54.
OS: includes the operating system type, such as Apache/2.0.54 (Unix).
Full: includes the modules and module versions supported by Apache, such as Apache/2.0.54 (Unix) mod_ssl/2.0.54 OpenSSL/0.9.7g.
ServerSignature
Controls the footer line shown on pages generated by the server (error messages, mod_proxy FTP directory listings, etc.).
It can be set in the global configuration file or through a .htaccess file.
The default value is "Off" (ServerSignature Off). Some Linux distributions may turn this setting on. For example, Debian turns it on by default in the default virtual host.
The global setting is overridden by the value set in the configuration of a virtual host or directory section.
The available values are as follows:
Off (default): no footer information is output (as in Apache 1.2 and earlier versions; used for obfuscation)
On: outputs a line with the version number and the ServerName of the serving virtual host (in versions later than 2.0.44, ServerTokens controls whether the version number is output)
EMail: also creates a "mailto" link to the ServerAdmin
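Because a virtual host or directory section overrides the global setting, a hardened global file does not guarantee that every site hides its footer. The following check is an added example, not part of the original article: it walks a configuration text and reports every scope where ServerTokens or ServerSignature still exposes details. The function name audit, the sample configuration and its host names are constructed for illustration, and Include directives are not followed.

```python
import re

# Constructed sample (not from the original page): hardened globally, but two
# nested sections switch the footer back on.
SAMPLE_CONF = """\
ServerTokens Prod
ServerSignature Off
<VirtualHost *:80>
    ServerName www.example.test
    ServerSignature On
</VirtualHost>
<VirtualHost *:443>
    ServerName shop.example.test
    <Directory /var/www/shop/errors>
        ServerSignature EMail
    </Directory>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*\w+\s*>")
DIRECTIVE = re.compile(r"(ServerTokens|ServerSignature)\s+(\S+)", re.I)
SAFE = {"servertokens": {"prod", "productonly"}, "serversignature": {"off"}}
CANON = {"servertokens": "ServerTokens", "serversignature": "ServerSignature"}

def audit(conf_text):
    """Return (scope, directive, value) for every setting that exposes details."""
    findings, scope, tokens_set = [], [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if CLOSE.fullmatch(line):                 # leaving a section
            if scope:
                scope.pop()
        elif (m := OPEN.fullmatch(line)):         # entering a section
            scope.append(f"{m.group(1)} {m.group(2)}".strip())
        elif (m := DIRECTIVE.match(line)):
            name, value = m.group(1).lower(), m.group(2)
            tokens_set = tokens_set or name == "servertokens"
            if value.lower() not in SAFE[name]:
                findings.append((" > ".join(scope) or "global", CANON[name], value))
    if not tokens_set:
        # Apache's built-in default for ServerTokens is Full.
        findings.append(("global", "ServerTokens", "unset (default Full)"))
    return findings

if __name__ == "__main__":
    for where, directive, value in audit(SAMPLE_CONF):
        print(f"{where}: {directive} {value}")
```

On the sample it flags both virtual hosts even though the global values are Prod and Off.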