As we see security as a top priority, for every new application that we put in production, we let it be penetration tested first. One remark we got with the last pen test was about the information our servers inadvertently revealed through HTTP response headers. Although I think it is not the biggest possible security issue, exposing details about their technology stack through headers like Server and X-Powered-By, gives some reconnaissance information to potential attackers for free.
