How to hide Nginx version

There are some times when you can’t update your software and you end up running and old/vulnerable version. In this cases, it comes very handy to know how to hide nginx version from all the public. Hiding nginx version is very easy and it’s done using server_tokens directive.

Edit nginx.conf file (it can be located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf file)
The server_tokens variable can be used either in the http, server or location sections. Just set it to off, as shown below:

server_tokens off;

Then reload or restart nginx web server

service nginx restart

server_tokens is the equivalent to Apache’s ServerSignature and ServerTokens variable.

To check the server headers and if you see the version, you can fetch the headers live from any console using curl:

curl -I

Popular search terms:

  • nginx hide version
  • server_tokens off
  • disable nginx version
  • do not show version nginx


Leave a Reply

Your email address will not be published. Required fields are marked *