Nginx Version Disclosure

Description

The Server header reveals detailed information about the server application handling the request, including the Nginx version. Exposing this information can aid attackers in identifying vulnerabilities and launching targeted attacks.

Recommendation

To mitigate this issue, open the Nginx configuration file (nginx.conf) and add the following line to either http, server, or location sections:

server_tokens off;

Then, restart the web server to apply the changes.

References

• CWE-16
• CWE-200
• Mozilla: Server
• Nginx
• Nginx Documentation: server_tokens Directive
• OWASP 2021-A5
• OWASP: Fingerprint Web Server