So is there any way to hide X-Powered-By on Nginx?
X-Powered-By is given by the module; for instance, the PHP FastCGI module offers to set expose_php=Off in php.ini.
If you use NGINX with FastCGI you should use:
fastcgi_hide_header X-Powered-By;
fastcgi_hide_header X-Powered-By or proxy_hide_header X-Powered-By in the http/server context:
proxy_hide_header X-Powered-By;
Open this file
$ sudo vi /etc/nginx/nginx.conf
Find the HTTP section; this section defines configurations for Nginx's HttpCoreModule. Add the below directive:
server_tokens off;
This will configure Nginx not to send any version numbers in the HTTP header.
(Removing the server name is possible, however, since Nginx modules cannot be dynamically loaded, you would need to recompile Nginx from source with the HttpHeadersMoreModule Nginx module.)
Reload Nginx configuration
To apply the change, reload the Nginx service:
$ sudo service nginx reload
For server security reasons, it is recommended that you disable or hide this information from attackers who might be targeting your server by wanting to know whether you are running PHP or not.
Step 1.
$ sudo nano /etc/php.ini
Find the keyword expose_php and set its value to Off:
expose_php = off
If you're running PHP as FPM, then you'll need to reload PHP-FPM:
$ sudo service php-fpm reload
After reloading, the response header X-Powered-By: PHP/7.2 should be missing.
# nano /etc/nginx/nginx.conf
Comment this line:
more_clear_headers 'X-Powered-By';
and restart Nginx
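To confirm that the changes described in the answers above took effect, the response headers can be checked after each reload. The following is an added example, not code from any of the answers: the function name check_headers and both sample responses are constructed for illustration (the nginx version string is made up).

```shell
#!/bin/sh
# Added example: audit a raw HTTP response header dump for the two
# disclosures discussed on this page (X-Powered-By and a versioned Server).
# Against a server you administer: curl -sI http://localhost/ | check_headers

# Reads response headers on stdin, prints one finding per line,
# returns 0 if nothing leaks and 1 otherwise.
check_headers() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^[^ \t:]+:/ {
            # Header names are case-insensitive (HTTP/2 sends them lowercase).
            name  = tolower(substr($0, 1, index($0, ":") - 1))
            value = substr($0, index($0, ":") + 1)
            sub(/^[ \t]+/, "", value)
            if (name == "x-powered-by") {
                print "LEAK x-powered-by: " value; bad = 1
            } else if (name == "server" && value ~ /\/[0-9]/) {
                # "nginx/<version>" leaks; bare "nginx" is what server_tokens off leaves.
                print "LEAK server version: " value; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample responses (not captured from a real server).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/7.2\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}

sample_before | check_headers || echo "=> headers still leak: fix config, reload, re-check"
sample_after  | check_headers && echo "=> clean"
```

A non-zero return makes the function usable as a gate in a deployment check or a monitoring probe.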