Hi, As part of the security audit, I have set server_tokens off; in /etc/nginx/nginx.conf. Is there a way to hide Server: nginx, X-Powered-By and X-Generator?
To hide the below HTTP headers Server: nginx > X-Powered-By: PHP/7.2.34 > X-Generator: Drupal 8 (https://www.drupal.org) curl -i -H Host:_ https://mydomain.com HTTP/1.1 200 OK *Server: nginx* Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive *X-Powered-By: PHP/7.2.34* Cache-Control: max-age=21600, public Date: Fri, 13 Nov 2020 00:23:38 GMT X-Drupal-Dynamic-Cache: MISS Link: <https://_/>; rel="shortlink", <https://_/>; rel="canonical" X-UA-Compatible: IE=edge Content-language: en X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Fri, 13 Nov 2020 00:23:37 GMT ETag: "1605227017" Vary: Cookie *X-Generator: Drupal 8 (https://www.drupal.org <https://www.drupal.org>)* X-XSS-Protection: 1; mode=block X-Drupal-Cache: HIT Best Regards, Kaushal
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
