<div dir="ltr">Hi,<br><div><br></div><div>As part of the security audit, I have set server_tokens off; in /etc/nginx/nginx.conf. Is there a way to hide Server: nginx, X-Powered-By and X-Generator?</div><div><br></div><div>The HTTP headers to hide are the following:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Server: nginx<br>X-Powered-By: PHP/7.2.34<br>X-Generator: Drupal 8 (<a href="https://www.drupal.org">https://www.drupal.org</a>)</blockquote><div><br></div><div>curl -i -H Host:_ <a href="https://mydomain.com">https://mydomain.com</a></div><div><br>HTTP/1.1 200 OK<br><b>Server: nginx</b><br>Content-Type: text/html; charset=UTF-8<br>Transfer-Encoding: chunked<br>Connection: keep-alive<br><b>X-Powered-By: PHP/7.2.34</b><br>Cache-Control: max-age=21600, public<br>Date: Fri, 13 Nov 2020 00:23:38 GMT<br>X-Drupal-Dynamic-Cache: MISS<br>Link: &lt;https://_/&gt;; rel="shortlink", &lt;https://_/&gt;; rel="canonical"<br>X-UA-Compatible: IE=edge<br>Content-language: en<br>X-Content-Type-Options: nosniff<br>X-Frame-Options: SAMEORIGIN<br>Expires: Sun, 19 Nov 1978 05:00:00 GMT<br>Last-Modified: Fri, 13 Nov 2020 00:23:37 GMT<br>ETag: "1605227017"<br>Vary: Cookie<br><b>X-Generator: Drupal 8 (<a href="https://www.drupal.org">https://www.drupal.org</a>)</b><br>X-XSS-Protection: 1; mode=block<br>X-Drupal-Cache: HIT<br></div><div><br></div><div>Best Regards,</div><div><br></div><div>Kaushal</div></div>
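A check for the three headers named in the message above, added here as an example and not part of the original post: it parses a raw response head and reports which of Server, X-Powered-By and X-Generator are still present and whether each one carries a version number. The function names are hypothetical, and the sample input is an abridged copy of the curl output in the message.

```python
import re

# Abridged copy of the response headers shown in the message above.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/7.2.34
Cache-Control: max-age=21600, public
X-Content-Type-Options: nosniff
X-Generator: Drupal 8 (https://www.drupal.org)
X-Drupal-Cache: HIT
"""

TARGETS = ("server", "x-powered-by", "x-generator")  # headers the message asks to hide
VERSION_RE = re.compile(r"\d+(?:\.\d+)*")             # e.g. 7.2.34 or 8
COMMENT_RE = re.compile(r"\(.*?\)")                   # drop "(https://...)" before matching

def parse_headers(raw):
    """Return (name, value) pairs from a raw HTTP response head."""
    headers = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block; the body is ignored
        if line[0] in " \t" and headers:  # obsolete folded continuation line
            headers[-1] = (headers[-1][0], headers[-1][1] + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def audit(raw):
    """Return (header, value, version or None) for each target header still sent."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() not in TARGETS:
            continue
        m = VERSION_RE.search(COMMENT_RE.sub("", value))
        findings.append((name, value, m.group(0) if m else None))
    return findings

if __name__ == "__main__":
    for header, value, version in audit(SAMPLE_RESPONSE):
        print(f"{header}: {value}  [{'version ' + version if version else 'product name only'}]")
```

On the sample, Server is reported with the product name only, which is the effect of server_tokens off, while X-Powered-By and X-Generator still carry version numbers.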