Avoid Web Server Fingerprinting

This check ensures that the web server does not expose version information in HTTP response headers. Hiding server version details helps reduce the attack surface by preventing attackers from identifying the exact server software and version in use.

Check Details

Resource: Domain / Web Server
Check: Avoid Web Server Fingerprinting
Risk: If web server version information is exposed, attackers can identify the exact server software and version, making it easier to exploit known vulnerabilities.

Remediation on Web Server (Nginx)

Nginx configuration files are generally located at /etc/nginx/nginx.conf or /etc/nginx/sites-available/ for site-specific settings.

Log in to the server hosting the web application.
Edit the Nginx configuration file:
```
sudo nano /etc/nginx/nginx.conf
```
Disable server version tokens by adding or updating the following directive inside the http block:
```
http {
server_tokens off;
}
```
Test the Nginx configuration:
```
sudo nginx -t
```
Reload Nginx to apply the changes:
```
sudo systemctl reload nginx
```

Verification

Verify that web server version information is no longer exposed in HTTP response headers.


curl -I http://example.com

Expected Output:


Server: nginx

The response should not include any version number.

Other Articles

Avoid Web Server Fingerprinting

Check Details

Remediation on Web Server (Nginx)

Verification