Hide nginx Server Header

Jun 02

wingloonLinux 8 Comments

The default configuration of nginx will display the server header or version number to your web browser. For security purposes, I do not want to display this information. This can be easily achieved by adding or changing to the following in the http{} directive in your nginx configuration file as below: -

server_tokens off;

Not so hard right? Restart the nginx daemon. To verify it, I would like to advise you to use Mozilla Firefox with Server Spy extension and this will give you what brand of HTTPd server you are visiting to.

If you found these helpful, please contribute to help:

8 Comments (+add yours?)

  1. Ferienwohnungen Italien
    Jun 03, 2009 @ 01:57:04

    Thanks for this information of your. It really adds up for my web security and it really works. I am so glad that I visited this blog today here.

  2. Danesh
    Jun 03, 2009 @ 12:17:36

    dude, you running on shared or vps?

  3. wingloon
    Jun 09, 2009 @ 21:58:58

    Ferienwohnungen Italien, good to hear that it works for you.

    Danesh, going to switch to shared hosting soon.

  4. Jonathan Berger
    Jan 29, 2010 @ 16:19:58

    The HTTP server header will actually still be set to “nginx” it just won’t contain the particular version number anymore. (as of Nginx 0.6.35)

  5. wingloon
    Jan 30, 2010 @ 10:51:02

    Jonathan, you are right. Thank you.

  6. Robert Redl
    Feb 24, 2010 @ 16:34:37

    I recommend the Firefox Plugin “Live HTTP Headers” to see even more details.

  7. Wing Loon
    Feb 26, 2010 @ 15:22:14

    Robert Redl, I will give it a try and thanks for the recommendation.

  8. tquang
    Apr 11, 2011 @ 12:42:38

    No, this config not hide info of headers. It’s hide version number only

    How can i hide forever headers of nginx?

Leave a Reply