
How to Use server_tokens off in Nginx to Hide Version Info

To stop Nginx from showing its version in error pages and HTTP headers, add server_tokens off; inside the http, server, or location block of your Nginx configuration file, then reload Nginx to apply the change. This improves security by reducing the version information the server exposes.

Syntax

The server_tokens directive controls whether Nginx displays its version number in error pages and the Server HTTP header.

  • server_tokens on; - Shows Nginx version (default).
  • server_tokens off; - Hides Nginx version.

You can place this directive inside the http, server, or location blocks in your Nginx configuration.

```nginx
server_tokens off;
```

Example

This example shows how to disable version info globally by placing server_tokens off; inside the http block of the main Nginx configuration file.

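```nginx
# A complete nginx.conf also needs an events block.
events {}

http {
    # Hide the version in the Server header and error pages for every server below.
    server_tokens off;

    server {
        listen 80;
        server_name example.com;

        location / {
            root /usr/share/nginx/html;
            index index.html;
        }
    }
}
```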
Output

When you make a request to the server, the Server HTTP header will not include the Nginx version number, e.g., "Server: nginx" instead of "Server: nginx/1.24.0".

Common Pitfalls

Common mistakes when using server_tokens off; include:

  • Placing the directive outside of valid blocks like http, server, or location.
  • Forgetting to reload or restart Nginx after changing the configuration.
  • Expecting it to hide version info from all headers; some modules or proxies might still reveal it.

Always verify with a tool like curl -I http://yourserver to check the Server header.

```nginx
# Wrong placement (outside any http, server, or location block; causes an error):
server_tokens off;

# Correct placement:
http {
    server_tokens off;
    # ... rest of the http block
}
```
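
The placement and inheritance rules above can be checked before a reload. The following Python sketch is an added example, not code from the original page or from the Nginx project: it flags a server_tokens directive outside http, server, or location, and lists server and location blocks whose effective value is still on. The names parse, audit and SAMPLE are assumptions, the sample config is constructed, and the parser handles only a simplified grammar (no quoted strings or include files).

```python
import re

VALID = {"http", "server", "location"}  # contexts the page lists as valid

def parse(conf):
    """Build a tree of blocks, recording any explicit server_tokens value."""
    root = {"name": "main", "label": "main", "value": None, "kids": []}
    stack, stmt = [root], []
    # Simplification: '#' comments are stripped; quoted strings are not handled.
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok == "{":
            node = {"name": stmt[0] if stmt else "?", "label": " ".join(stmt),
                    "value": None, "kids": []}
            stack[-1]["kids"].append(node)
            stack.append(node)
        elif tok == "}" and len(stack) > 1:
            stack.pop()
        elif tok == ";" and len(stmt) == 2 and stmt[0] == "server_tokens":
            stack[-1]["value"] = stmt[1]
        elif tok == ";" and len(stmt) == 2 and stmt[0] == "server_name":
            stack[-1]["label"] += " " + stmt[1]   # tell server blocks apart
        stmt = [] if tok in ("{", "}", ";") else stmt + [tok]
    return root

def audit(conf):
    """Return (misplaced contexts, server/location blocks still disclosing)."""
    misplaced, exposed = [], []
    def walk(node, inherited, path):
        value, here = inherited, path + [node["label"]]
        if node["value"] is not None:
            if node["name"] in VALID:
                value = node["value"]            # explicit setting overrides parent
            else:
                misplaced.append(node["label"])  # nginx -t would reject this
        if node["name"] in ("server", "location") and value != "off":
            exposed.append(" > ".join(here[1:]))
        for kid in node["kids"]:
            walk(kid, value, here)
    walk(parse(conf), "on", [])                  # default is on
    return misplaced, exposed

# Constructed sample: misplaced top-level directive, one override, one default.
SAMPLE = """server_tokens off;
events {}
http {
  server { server_name a.example; server_tokens off;
           location /status { server_tokens on; } }
  server { server_name b.example; }
}"""
```

Calling audit(SAMPLE) reports the top-level directive as misplaced and names the two blocks that would still send the version; the result complements, and does not replace, the curl check against the running server.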

Quick Reference

| Directive | Effect | Valid Contexts |
|---|---|---|
| server_tokens on; | Show Nginx version in headers and error pages | http, server, location |
| server_tokens off; | Hide Nginx version for security | http, server, location |

Key Takeaways

  • Add server_tokens off; inside the http, server, or location block to hide Nginx version info.
  • Reload Nginx after configuration changes to apply the new settings.
  • Check the Server HTTP header with tools like curl to confirm version info is hidden.
  • Incorrect placement of server_tokens causes configuration errors.
  • This directive improves security by reducing information exposure but does not guarantee full version hiding if other modules are involved.