Most successful cyber attacks begin with successful information gathering. Now more and more Web servers try to hide their identities by removing product tokens in the “Server” header in their responses discreetly, but that fails because of some Web fingerprinting tools. Some tools try to defeat these fingerprinting tools by changing Web servers’ headers order or adding/removing some headers, but, as analyzed in this paper, those measures cannot change Web servers’ inner behavioural characteristics and so fail in anti-fingerprinting. In this paper we argue that eliminating compliance variation among Web servers is a better way against Web server fingerprinting.