Additional menu

Geekflare

Technology Blog, Web Tools and Resources to Supercharge Site and Business

Remove Version from Server Header Banner in nginx

Netsparker Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

by | | Nginx

Mask Nginx version details from the HTTP Response Header.

In default NGINX configuration, Server header banner is ON which exposes what version of Nginx you are using.

This is considered as information leakage vulnerability.

If you are working on auditing or fixing a security issue, then you will be asked to get rid of a version as part of hardening & security.

Implementation

  • Go to nginx/conf folder
  • Take a backup of configuration file
  • Add following in nginx.conf under server section
server_tokens off;
  • Restart Nginx web server

Verification

You can use online tool Header Checker or developer tools inbuilt in the browser to examine the header.

As you can see, no more version is shown.

I hope this helps and if you are looking to learn Nginx then check out this course by Ray Viljoen.

More Great Reading on Geekflare

Is Your Website Fast? Slow? Secure? Mobile-ready? SEO-ready? Following Best-practices? Optimized for Performance?

Modern tool for modern site. 

Geekflare Audit tool let you quickly find out how does your site perform against best practices, performance and SEO. With the responsive and detailed request waterfall, you can inspect how does your webpage load and improve.