In this tutorial, we will show you how to hide Nginx Server Header on your Linux server. In default Nginx configuration, the server sends HTTP Header with the information of Nginx version number of the Server. The HTTP response header “Server” displays the version number of the server. This information can be used to try to exploit any vulnerabilities in the Nginx, especially if you are running an older version with known vulnerabilities. Hiding Nginx version is very easy and it’s done using server_tokens directive. This tutorial helps you customize the name of the server on your host.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges.
Hide Nginx Server Header
Step 1. Go to Nginx/conf folder (it can be located at
Step 2. Hide Nginx version.
Add the following in nginx.conf under server section:
Step 3. Restart Nginx web server:
service nginx restart
Let’s verify if we see the server information now:
curl -I http://idroot.us/ HTTP/1.1 200 OK Server: nginx Date: Sun, 03 Aug 2014 06:06:52 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding X-Pingback: http://idroot.us/xmlrpc.php
Congratulations! You have successfully hidden the Nginx version. Thanks for using this tutorial for hiding Nginx version in Linux system. For additional help or useful information, we recommend you to check the official Nginx web site.