Hide Nginx & PHP versions in HTTP Header & Error Pages?

Step 1: Open your Nginx server configuration file /etc/nginx/nginx.conf (it’s the default path, however it might change based on your installation) and add server_tokens off; in the http section as shown below:

#vim /etc/nginx/nginx.conf
http {
   #Hide nginx version
   server_tokens off;
How to find the Nginx config file

Run the command nginx -t, which provides you the configuration file path:
Sample Output:
nginx: the configuration file /etc/nginx/nginx.confsyntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Step 2: Open the file /etc/nginx/fastcgi_params

#vim /etc/nginx/fastcgi_params

Replace the line:

fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;


fastcgi_param  SERVER_SOFTWARE    nginx;

How to hide PHP version number:

Open the file /etc/php.ini and add expose_php = Off. This will disable the PHP header information.This step removes the PHP header information everywhere.

#vim /etc/php.ini
expose_php = Off
How to find the php.ini file

Run the command php -i | grep php.ini, which provides you the configuration file path:
Sample Output:
Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini

How to restart PHP-FPM and Nginx services on CentOS7

#systemctl restart php-fpm
#systemctl restart nginx

How to view your web-server header information

Verify your modifications:

$curl -I http://localhost.local
 HTTP/1.1 200 OK
 Server: nginx
 Date: Mon, 2 Aug 2018 15:13:47 GMT
 Content-Type: text/html; charset=UTF-8
 Connection: keep-alive
 Vary: Accept-Encoding


Was this answer helpful? 0 Users Found This Useful (0 Votes)