3

Disable server tokens by default

  • Live

L
Lorenzo Sapora

Add `server_tokens off;` inside the server block to hide server version information from default error pages.

This is important for avoiding disclosure of vulnerable nginx versions.

A

Activity Newest / Oldest

Avatar

Dennis

This is now default! 🙏


Avatar

Dennis

Status changed to: Live

Avatar

Dennis

Status changed to: Under review

Avatar

Dennis

Hi Lorenzo,

We are not to sure if we are going to do this automatically. Thats why we have created this article about it:

ploi.io/documentation/server/how-do-i-hide-server-version-for-more-security-in-nginx