How to hide the server version?

Renaud Allard renaud at
Mon May 12 22:11:22 MSD 2008


Thomas Seifert wrote:
> Hi Guys,
> is there any directive to hide the exact server version in the header
> and error pages?
> I don't mind showing that I'm running nginx but I don't want to give out
> the exact version it is.
> It could give attackers additional information if the update is lacking
> a version or something like that.
> I know, security by obscurity isn't working well but at least its a
> stumbling block.

Just put  "server_tokens   off;" in your main http configuration.

Don't forget that if you are running fastcgi, you may have to put
"fastcgi_param  SERVER_SOFTWARE    nginx;" in your params instead of the
default value.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3304 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the nginx mailing list