Ivan Tomica

Hide Nginx version

If you want to hide which nginx version are you using from HTTP headers you can use following directive in some of your nginx configuration files:

server_tokens off;

To hide it for all of your sites you can add it inside of the http block in your configuration:

http {
    server_tokens off;

To hide it for specific site you can place it inside of the server block:

server {
    server_tokens off;

and lastly, if you want to hide it only for specific location you can use it inside of location block:

location = /example {
    server_tokens off;

After you make changes to your nginx config restart the service.

To verify that nginx version is not exposed anymore you can use following command:

curl -I www.your-domain-name.com

Header you receive should not have version exposed and should look like this:

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Feb 2016 16:49:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Sysadmin on the everlasting journey of learning. Always in search for an opportunity to prove myself and to learn something new. My addiction is learning and my main goal is to excel in every aspect of Linux/Unix system administration.


Leave a Reply

Your email address will not be published. Required fields are marked *