
How to hide Nginx version

There are times when you can't update your software and you end up running an old/vulnerable version. In these cases, it is very handy to know how to hide the nginx version from the public. Hiding the nginx version is very easy and is done using the server_tokens directive.

Edit the nginx.conf file (it can be located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf).
The server_tokens directive can be used in the http, server or location sections. Just set it to off, as shown below:

server_tokens off;

Then reload or restart the nginx web server:

service nginx restart

server_tokens is the equivalent of Apache's ServerSignature and ServerTokens directives.

To check the server headers and see whether the version is still shown, you can fetch the headers live from any console using curl:

curl -I
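
The check above can be scripted. The following is an added example, not part of the original article: it reads the headers that curl -I prints and reports whether the Server header still carries a version. The function names, the placeholder URL and the sample responses (including the version 1.18.0) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Server header of an HTTP response.
# Reads raw response headers on stdin, e.g.:
#   curl -sI https://example.com/ | classify_server_header   # placeholder URL

# Print the value of the first Server header (name matched case-insensitively,
# trailing CRs from the HTTP line endings removed).
server_header() {
    tr -d '\r' | sed -n 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' | head -n 1
}

# Print one of: version-exposed, version-hidden, no-server-header.
classify_server_header() {
    value=$(server_header)
    case "$value" in
        "")        echo "no-server-header" ;;
        */[0-9]*)  echo "version-exposed" ;;   # e.g. "nginx/1.18.0"
        *)         echo "version-hidden" ;;    # e.g. "nginx"
    esac
}

# Constructed sample responses (not captured from a real server).
sample_tokens_on()  { printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\n\r\n'; }
sample_tokens_off() { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'; }

echo "server_tokens on:  $(sample_tokens_on  | classify_server_header)"
echo "server_tokens off: $(sample_tokens_off | classify_server_header)"
```

With server_tokens off, nginx still sends "Server: nginx"; only the version number is dropped from the header and from nginx-generated error pages, so "version-hidden" is the expected result after the change.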


Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking

  • It's working, thank you for your share.

    By the way, I like the `curl -I`.

  • Works perfect for me. Thank you. 🙂

  • Nice, great security implementation by reducing the amount of information a hacker has access to.