Its usually a good idea to prevent users from being able to determine the version number of the web server software you are using. This helps prevent people from then going and looking for known vulnerabilities in that specific version, and attacking your site.
When a HTTP response comes back to the web browser, it also includes a number of headers. One of these headers is the “Server” header. This is used to identify the web server software being used.
eg:
curl -I http://yourwebserver
Sample output:
HTTP/1.1 200 OK Server: nginx/1.1.19
To remove the version number from this response when using nginx, edit the /etc/nginx/nginx.conf file and add the following line into the “http” section:
server_tokens off;
If it already exists but is set to “on”, change it to “off” instead of adding the new line.
Restart nginx.
Now when you run the ‘curl’ command as per the example above, and you should get an output like this:
HTTP/1.1 200 OK Server: nginx
Note: Make sure you keep up to date on software updates.
