By default, a freshly installed Apache on Debian-based distros print the server name and apache version in the footer of every error pages.
We gain nothing from displaying this information; in fact we are only making it easier for someone to find a known exploit in our version, so we will turn this off.
To turn this off for all VirtualHosts we’ll set it in the main config file, usually found at /etc/apache2/apache2.conf. At the bottom of this file, add:
If you are still using the default config (/etc/apache2/sites-available/default) you will need to remove the line from there. Also check any other config files you might have inherited from anything else running behind apache.
Closer inspection shows that the default install has a file in conf.d called security. This is well worth reading as it has a basic secure config ready to be dropped in, including hiding the server details.
Updated even later:
A more complete list of good ways to secure your apache, check out this great post by Anson Cheung.