Last updated: September 6, 2022

Mask Nginx version details from the HTTP Response Header.

In the default Nginx configuration, the Server header banner is on, which exposes the version of Nginx you are running.

This is considered an information leakage vulnerability.

If you are auditing or fixing a security issue, you will be asked to remove the version as part of hardening & security.

Implementation

  • Go to the nginx/conf folder
  • Take a backup of the configuration file
  • Add the following to nginx.conf under the server section:
        server_tokens off;
  • Restart the Nginx web server

Verification

You can use an online tool such as Header Checker, or the developer tools built into your browser, to examine the header.

[Image: nginx-server-version]

As you can see, the version is no longer shown.
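
A scriptable version of this check, as an added example that is not part of the original article: the function name check_server_header is hypothetical, and it reads raw response headers (for instance the output of `curl -sI <url>`) and reports whether the Server header still carries a version. The sample responses and the version number in them are constructed; with server_tokens off, Nginx still sends `Server: nginx`, and only the version is dropped.

```shell
#!/bin/sh
# Added example: classify the Server header of a raw HTTP response head.
# Input:  response headers on stdin (e.g. from `curl -sI <url>`).
# Output: "leaks <value>", "hidden <value>" or "absent".
# Status: 1 = version exposed, 0 = no version, 2 = no Server header.
check_server_header() {
    # Header names are case-insensitive; drop the CR of CRLF line endings
    # and keep only the first Server header found.
    value=$(tr -d '\r' | awk '
        !found && tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")
            print
            found = 1
        }')
    if [ -z "$value" ]; then
        echo "absent"
        return 2
    fi
    # server_tokens on  -> "nginx/<version>"
    # server_tokens off -> "nginx"
    case "$value" in
        nginx/[0-9]*) echo "leaks $value";  return 1 ;;
        *)            echo "hidden $value"; return 0 ;;
    esac
}

# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\n')
SAMPLE_AFTER=$(printf 'HTTP/1.1 200 OK\r\nserver: nginx\r\nContent-Type: text/html\r\n')

# "|| true" keeps the demo running when the function reports a leak.
printf '%s\n' "$SAMPLE_BEFORE" | check_server_header || true   # before the change
printf '%s\n' "$SAMPLE_AFTER"  | check_server_header || true   # after the change
```

Run the same check against an error response (a 404, for example) as well, since server_tokens also controls the version shown on Nginx error pages.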

I hope this helps, and if you are looking to learn Nginx, then check out this course by Ray Viljoen.

  • Chandan Kumar
    Author