On Fri, Nov 13, 2020 at 06:03:02AM +0530, Kaushal Shriyan wrote: Hi there,
> As part of the security audit, I have set server_tokens off; > in /etc/nginx/nginx.conf. Is there a way to hide Server: nginx, > X-Powered-By and X-Generator? It's generally pointless from a security perspective to hide headers; and it is impolite to the authors to do so. Stock nginx does not provide a configuration option to remove the Server: header (but it does provide the source code and the freedom for you to do what you want with it). The other headers might be adjustable by whatever generates them; but nginx does provide directives like fastcgi_hide_header (http://nginx.org/r/fastcgi_hide_header) to adjust what is sent from a fastcgi_pass response. Good luck with it, f -- Francis Daly fran...@daoine.org _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
