What is the HTTP "Server" response-header field used for?

Server information should be removed from HTTP responses, and it's an insecure default to leak this data. This isn't a major security risk, or even a medium security risk - but I don't feel comfortable just announcing such details to my adversaries. Having an exact version number leaks when, and how often, you patch your production systems - even if the version is current. An adversary knowing the patch cycle means that they know when you are the weakest.

The HTTP Host header is probably most useful for the Netcraft Web Server Survey. But in terms of HTTP it shouldn't matter. That is why we have standards, so that clients and servers written by different vendors can work together.
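As an added example (not code from either answer), a small Python audit that parses raw HTTP responses and reports whether the Server header is absent, names only a product, or leaks a version number; the sample responses are constructed, not captured from any real server.

```python
import re
from typing import Optional

# Constructed sample responses for the audit (not captured from real servers).
# On a real deployment, `server_tokens off;` (nginx) and `ServerTokens Prod`
# (Apache) reduce the header to the bare product name, i.e. the "product" case.
RESPONSES = {
    "leaks_version": b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 0\r\n\r\n",
    "product_only": b"HTTP/1.1 200 OK\r\nserver: nginx\r\nContent-Length: 0\r\n\r\n",
    "absent": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

# A dotted number such as 2.4.41 or 10.0 is treated as a version string.
VERSION_RE = re.compile(r"\d+\.\d+")


def server_header(raw: bytes) -> Optional[str]:
    """Return the Server header value from a raw HTTP response, or None if absent.

    Header names are matched case-insensitively; only the head (before the
    blank line) is inspected, so body content cannot spoof a header.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None


def classify(raw: bytes) -> str:
    """Classify a response as 'absent', 'product' (name only) or 'version' (leaks a version)."""
    value = server_header(raw)
    if value is None:
        return "absent"
    if VERSION_RE.search(value):
        return "version"
    return "product"


def audit(responses: dict) -> dict:
    """Run classify() over a mapping of label -> raw response."""
    return {label: classify(raw) for label, raw in responses.items()}


if __name__ == "__main__":
    for label, verdict in audit(RESPONSES).items():
        print(f"{label}: {verdict}")
```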


It's used for whatever you want to use it for. I've found it helpful in the past for reverse-engineering compliance issues; e.g. IIS breaks HTTP/1.1 (RFC 2616) in lots of ways, but most are to the benefit of the user in terms of performance and supported by most browsers. Actually most current browsers no longer comply with the rules in RFC 2616 (now 13 years old).

I've run into problems with bugs in HTTP server code and configuration in the past. Knowing what is running at the remote end is a great help to diagnosing and resolving these problems.

Yes, in Security 101 you're told that obscuring this kind of information improves security, but IME the benefits are limited:

  • Script kiddies/automated attacks don't bother looking to see what software you are running - they just fire all their guns and hope for the best.

  • Anyone who is reasonably competent should be able to determine the server type (although I've not tried this with HTTP servers, a few years ago I was conducting a survey of SMTP servers - with an average of 2.1 commands, I could find the type and take a good guess at the major version number of MTAs from 12 different vendors).
