Remove Version from Server Header Banner in nginx

Netsparker Web Application Security Scanner - the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

By Chandan Kumar on July 12, 2020

Posted in

Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.

Mask Nginx version details from the HTTP Response Header.

In default NGINX configuration, the Server header banner is ON which exposes what version of Nginx you are using.

This is considered as information leakage vulnerability.

If you are working on auditing or fixing a security issue, then you will be asked to get rid of a version as part of hardening & security.

Implementation

server_tokens off;

You can use an online tool Header Checker or developer tools inbuilt in the browser to examine the header.

As you can see, no more version is shown.

I hope this helps and if you are looking to learn Nginx then check out this course by Ray Viljoen.

Power Your Business

Netsparker uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.

Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.