How to Hide Nginx Version for Better Security

To hide the Nginx version, set server_tokens off; in your Nginx configuration file inside the http, server, or location block. This removes the version number from the Server header in HTTP responses and from Nginx's built-in error pages; the Server header still reads nginx.

Syntax

The directive server_tokens controls whether Nginx shows its version in HTTP headers and error pages.

  • server_tokens on; - Shows Nginx version (default).
  • server_tokens off; - Hides Nginx version.

You can place this directive inside the http, server, or location blocks in your Nginx configuration.

nginx
http {
    server_tokens off;
    # other settings
}

Example

This example shows how to disable the Nginx version globally by adding server_tokens off; inside the http block of nginx.conf. After reloading Nginx, the Server header will no longer include the version number.

nginx
http {
    server_tokens off;

    server {
        listen 80;
        server_name example.com;

        location / {
            root /usr/share/nginx/html;
            index index.html;
        }
    }
}
Output
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
...

Common Pitfalls

Some common mistakes when trying to hide the Nginx version include:

  • Placing server_tokens off; inside the wrong block or outside http, server, or location blocks.
  • Not reloading or restarting Nginx after changing the configuration.
  • Using third-party modules or proxies that add their own Server headers revealing version info.

Always verify the header after changes using tools like curl -I http://yourserver.

nginx
## Wrong placement example (will not work): top level of the file, outside any http, server, or location block
server_tokens off;

## Correct placement example:
http {
    server_tokens off;
}
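
The header check recommended above, as an added example (not from the original page): a POSIX shell filter that reads a raw response, such as the output of curl -si, and flags a versioned Server header or the versioned footer of an Nginx error page. The X-Powered-By check, the function names, and all sample responses are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Reads a raw HTTP response on
# stdin, e.g.  curl -si http://yourserver/no-such-page  (headers + 404 body).

# Print every line that exposes a product version:
#   - Server / X-Powered-By headers carrying a name/1.2.3 token
#   - the footer of nginx's built-in error pages: <center>nginx/1.2.3</center>
# Exit status follows grep: 0 = a leak was found, 1 = nothing matched.
version_leaks() {
    tr -d '\r' | grep -Ei \
        -e '^(server|x-powered-by):.*/[0-9]+(\.[0-9]+)+' \
        -e '<center>nginx/[0-9]+(\.[0-9]+)+'
}

# Return 0 when no version is exposed; otherwise report on stderr, return 1.
version_hidden() {
    if found=$(version_leaks); then
        printf 'version exposed:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample responses (made-up versions, not captured traffic).
resp_tokens_on() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0\r\n\r\n'
    printf '<center><h1>404 Not Found</h1></center>\r\n'
    printf '<hr><center>nginx/1.24.0</center>\r\n'
}
resp_tokens_off() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n'
    printf '<hr><center>nginx</center>\r\n'
}
# nginx is clean here, but the application behind it adds a versioned header.
resp_backend_leak() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Powered-By: PHP/8.2.0\r\n\r\n'
}

for sample in resp_tokens_on resp_tokens_off resp_backend_leak; do
    if "$sample" | version_hidden 2>/dev/null; then
        echo "$sample: version hidden"
    else
        echo "$sample: VERSION EXPOSED"
    fi
done
```

Against a live host, pipe curl -si http://yourserver/no-such-page into version_hidden; curl -I alone sends a HEAD request, so it returns no error-page body to inspect.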

Quick Reference

Summary tips to hide Nginx version:

  • Use server_tokens off; inside http, server, or location blocks.
  • Reload Nginx with nginx -s reload after changes.
  • Check headers with curl -I to confirm version is hidden.
  • Consider additional security headers if needed.

Key Takeaways

  • Set server_tokens off; in nginx.conf to hide the version number.
  • Place the directive inside http, server, or location blocks.
  • Reload Nginx after configuration changes to apply them.
  • Verify the Server header with curl to ensure the version is hidden.
  • Third-party proxies may still reveal server info; check them too.