In a normal Apache installation, the relevant part of your config file will look like this:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
This will produce the following default error message (e.g. when a .htaccess file causes an error):
Internal Server Error
…
Apache/2.2.3 (Debian) PHP/5.2.0-8+etch11 Server at [servername] Port 80
For a production server, that’s quite a bit of information to give away, especially the exact version number of the OS and Apache, which could point to potential leaks or unpatched bugs.
It’s better to change this to:
# ...
ServerTokens Prod
# ...
ServerSignature Off
This will remove the last line of the error message, where the Apache and OS version are shown, and thus increase your security.
It’s of course 100x more important to keep your software up to date, but hiding the version you’re using could help, even if it isn’t by much.
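To confirm the change took effect, check a response from your own server for both leaks: the Server header and the signature line on the error page. The script below is an added example, not part of the original post; the function names, the host example.test and both sample responses are constructed for illustration, reusing the banner shown above.

```shell
#!/bin/sh
# Live use on your own server (assumes curl is installed):
#   curl -si http://localhost/some-missing-page | check_banner

# check_banner reads a raw HTTP response (headers + body) on stdin,
# prints one finding per line, and returns 1 if anything is disclosed.
check_banner() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        !body && $0 == "" { body = 1; next }    # blank line ends the headers
        !body && tolower($0) ~ /^server:/ {
            v = $0; sub(/^[^:]*:[ \t]*/, "", v)
            # With ServerTokens Prod the value is the bare product name;
            # a "/" or "(" means a version or OS token is still being sent.
            if (v ~ "[/(]") { print "header leaks detail: " v; bad++ }
            next
        }
        # ServerSignature On appends "... Server at <host> Port <n>"
        body && /Server at .* Port [0-9]+/ {
            print "error page signature present"; bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: ServerTokens Full + ServerSignature On
sample_default() {
    cat <<'EOF'
HTTP/1.1 500 Internal Server Error
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch11
Content-Type: text/html

<h1>Internal Server Error</h1>
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch11 Server at example.test Port 80</address>
EOF
}

# Constructed sample: ServerTokens Prod + ServerSignature Off
sample_hardened() {
    cat <<'EOF'
HTTP/1.1 500 Internal Server Error
Server: Apache
Content-Type: text/html

<h1>Internal Server Error</h1>
EOF
}

sample_default | check_banner || echo "default config: disclosure found"
sample_hardened | check_banner && echo "hardened config: clean"
```

The header and the error page are checked separately because they are controlled by different directives: ServerTokens sets the header detail, ServerSignature the footer on server-generated pages.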