Tips / Nginx

How to hide Nginx version

There are some times when you can’t update your software and you end up running and old/vulnerable version. In this cases, it comes very handy to know how to hide nginx version from all the public. Hiding nginx version is very easy and it’s done using server_tokens directive.

Edit nginx.conf file (it can be located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf file)
The server_tokens variable can be used either in the http, server or location sections. Just set it to off, as shown below:

server_tokens off;

Then reload or restart nginx web server

service nginx restart

server_tokens is the equivalent to Apache’s ServerSignature and ServerTokens variable.

To check the server headers and if you see the version, you can fetch the headers live from any console using curl:

curl -I

Chris Ueland

Wanting to call out all the good stuff when it comes to scaling, Chris Ueland created this blog, ScaleScale. Chris is the CEO of

  • chusiang

    It`s working, thank you for your share.

    By the way, I like the `curl -I`.

  • donnie

    Works perfect for me. Thank you. :)