Howtos / Articles

Remove nginx version from HTTP response headers

Its usually a good idea to prevent users from being able to determine the version number of the web server software you are using. This helps prevent people from then going and looking for known vulnerabilities in that specific version, and attacking your site.

When a HTTP response comes back to the web browser, it also includes a number of headers. One of these headers is the “Server” header. This is used to identify the web server software being used.

eg:

curl -I http://yourwebserver

Sample output:

HTTP/1.1 200 OK
Server: nginx/1.1.19

To remove the version number from this response when using nginx, edit the /etc/nginx/nginx.conf file and add the following line into the “http” section:

server_tokens off;

If it already exists but is set to “on”, change it to “off” instead of adding the new line.

Restart nginx.

Now when you run the ‘curl’ command as per the example above, and you should get an output like this:

HTTP/1.1 200 OK
Server: nginx

Note: Make sure you keep up to date on software updates.



Share this howto article!
  • Facebook
  • Twitter
  • Reddit
  • email

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>