Description
The Server header reveals detailed information about the server application handling the request, including the Nginx version. Exposing this information can aid attackers in identifying vulnerabilities and launching targeted attacks.
Recommendation
To mitigate this issue, open the Nginx configuration file (nginx.conf) and add the following line to the http, server, or location section:
server_tokens off;
Then, restart the web server to apply the changes.
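An added example (not part of the original advisory and not Nginx's own tooling): server_tokens is inherited from http to server to location, and an inner block can override an outer one, so this Python check walks a configuration and lists the server and location blocks whose effective value is not off. The function names and the sample configuration are constructed for illustration; the check assumes a single HTTP configuration file with balanced braces and does not follow include directives.

```python
import re

# Constructed sample: http-level "off", but the second server re-enables it.
SAMPLE_CONF = """\
http {
    server_tokens off;
    server {                 # inherits off from http
        location /api { return 204; }
    }
    server {
        server_tokens on;    # overrides the http-level off
        location /static { server_tokens off; }
        location /downloads { root /srv/files; }
    }
}
"""

def parse(conf):
    """Build a block tree; each node records its own server_tokens value, if any."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' inside quoted values)
    root = {"name": "main", "line": 0, "tokens": None, "children": []}
    stack, words = [root], []
    for m in re.finditer(r"[{};]|[^\s{};]+", conf):
        tok = m.group()
        if tok == "{":  # the words collected so far name the block being opened
            block = {"name": " ".join(words), "tokens": None, "children": [],
                     "line": conf.count("\n", 0, m.start()) + 1}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif tok == "}":
            stack.pop()
        elif tok == ";" and len(words) == 2 and words[0] == "server_tokens":
            stack[-1]["tokens"] = words[1]  # applies to the enclosing block, wherever it appears
        words = [] if tok in ("{", "}", ";") else words + [tok]
    return root

def blocks_not_off(node, inherited="on"):
    """List (line, block) for server/location blocks whose effective value is not 'off'."""
    value = node["tokens"] or inherited  # unset: inherit from parent; nginx default is "on"
    kind = node["name"].split(" ")[0]
    flagged = kind in ("server", "location") and value != "off"
    found = [(node["line"], node["name"])] if flagged else []
    for child in node["children"]:
        found += blocks_not_off(child, value)
    return found

if __name__ == "__main__":
    for line, name in blocks_not_off(parse(SAMPLE_CONF)):
        print(f"line {line}: {name}: effective server_tokens is not off")
```

Any value other than off is reported, so a block using build or a custom string is listed for manual review as well.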
References
- Mozilla: Server
- OWASP: Fingerprint Web Server
- Nginx Documentation: server_tokens Directive
- Nginx
- CWE-16
- CWE-200
- CAPEC-118
- OWASP 2021-A5