** Using WeBWorK **

To secure our browser headers, I don't want users to see what version of Perl or OpenSSL or even Apache version  we are running on our Redhat server so I added this at the end of the httpd.conf file

ServerTokens Minor

A reboot later and after I logged in, I get this error.. looks like it needs the Server Response header as remote_addr?

Error record identifier
7e63acca-5404-56a5-aaad-30fe083a81b0::4d1a8fe4-e6d4-11ee-b39c-abc2ed9c42d8
Warning messages
Error messages
Can't locate object method "remote_addr" via package "Apache2::Connection" at /opt/webwork/webwork2/lib/WeBWorK/Authen.pm line 993.
Call stack
The following information can help locate the source of the problem.
•	in WeBWorK::Authen::write_log_entry called at line 103 of /opt/webwork/webwork2/lib/WeBWorK/Authen/LDAP.pm
•	in WeBWorK::Authen::LDAP::ldap_authen_uid called at line 33 of /opt/webwork/webwork2/lib/WeBWorK/Authen/LDAP.pm
•	in WeBWorK::Authen::LDAP::checkPassword called at line 579 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
•	in WeBWorK::Authen::authenticate called at line 548 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
•	in WeBWorK::Authen::verify_normal_user called at line 320 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
•	in WeBWorK::Authen::do_verify called at line 217 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
•	in WeBWorK::Authen::verify called at line 161 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
•	in WeBWorK::Authen::call_next_authen_method called at line 214 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
•	in WeBWorK::Authen::verify called at line 321 of /opt/webwork/webwork2/lib/WeBWorK.pm

I want to make it look like this:

$> curl -I https://testwebwork.oursite.com/webwork2

HTTP/1.1 200 OK
Date: Wed, 20 Mar 2024 22:18:01 GMT
Server: WebWorkServer
Content-Length: 8872
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding

and NOT LIKE this:

$> curl -I https://testwebwork.oursite.com/webwork2

HTTP/1.1 200 OK
Date: Wed, 20 Mar 2024 22:13:40 GMT

Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_apreq2-20101207/2.8.1 mod_perl/2.0.11 Perl/v5.20.3

X-Frame-Options: deny
Strict-Transport-Security: max-age=63072000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Upgrade: h2
Connection: Upgrade
Content-Security-Policy: frame-ancestors 'none';
Content-Type: text/html; charset=utf-8

Does it need the "Server" response header (guessing yes) and if so, can I hide it? 

suggestions on  how to secure this server?