Nginx: remove the Server header

In this tutorial, I will explain how to remove the Server header in Nginx, and not only that one.

As you can see in the screenshot below, the response contains the Server header (Microsoft-IIS/8.5) as well as the PHP and ASP versions in the X-Powered-By headers.

To remove the server header, we will use the module http-headers-more-filter.

Check that the module is present:

nginx -V 2>&1 | grep --color 'http-headers-more-filter'

To remove the headers, add the following directives to the virtual host configuration, inside the server{} block.

more_clear_headers Server;
more_clear_headers X-Powered-By;

Save the configuration and reload Nginx.

sudo systemctl reload nginx

Now the Server and X-Powered-By information is no longer sent to the client.
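
To check the result from the command line, the following added example (not part of the original tutorial) reads a raw response head, such as the output of curl -sI, and lists any Server or X-Powered-By header that is still sent. The function and sample names are hypothetical, and the sample responses and their version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list version-disclosing headers in a raw HTTP response head
# read from stdin, e.g.  curl -sI https://example.com/ | leaked_headers

# The two headers this tutorial removes (compared case-insensitively).
DISCLOSURE_HEADERS="server x-powered-by"

# Prints "name: value" for each disclosure header found.
# Returns 0 when the response is clean, 1 when at least one header leaks.
leaked_headers() {
    tr -d '\r' | awk -v want="$DISCLOSURE_HEADERS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        /^HTTP\// { next }            # status line
        /^$/      { exit }            # blank line ends the header block
        {
            p = index($0, ":")
            if (p == 0) next
            name  = tolower(substr($0, 1, p - 1))
            value = substr($0, p + 1)
            sub(/^[ \t]+/, "", value)
            if (name in watch) { print name ": " value; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample responses (version strings are made up for illustration).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\nX-Powered-By: PHP/7.4.3\r\n\r\n<html>Server: in body</html>\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>\r\n'
}

for sample in sample_before sample_after; do
    if out=$("$sample" | leaked_headers); then
        echo "$sample: no disclosure headers"
    else
        echo "$sample: still sent:"; echo "$out"
    fi
done
```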


Why remove the server and X-Powered-By headers?

The answer is quite simple: it is to reduce the information you send over the Internet so as not to reveal to “hackers” the type of web server and operating system, which helps reduce the risk of exploitation of a flaw, especially if the server and components are not up to date.



