Do not expose server details
macbre opened this issue
Inspired by https://github.com/bunkerity/bunkerized-nginx
https://serverfault.com/a/1015876/448086
```
server_tokens "";
```

fails with:

```
#26 1.388 nginx: [emerg] invalid value "" in /etc/nginx/nginx.conf:35
```

or

https://github.com/openresty/headers-more-nginx-module#more_clear_headers:

```
more_clear_headers 'server';
```
https://github.com/bunkerity/bunkerized-nginx/blob/master/helpers/install.sh#L491-L493
And https://www.upguard.com/blog/10-tips-for-securing-your-nginx-deployment
- Disable TRACE and TRACK.
- Configure Nginx to Include an X-Frame-Options Header.
- Modify Nginx Web Server Configuration/SSL for X-XSS protection.
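
An nginx configuration covering the points listed in this issue, as an added example that is not part of the issue or the project's own config. The server name, listen port and root path are placeholders, and `more_clear_headers` assumes the headers-more module is compiled in or loaded.

```nginx
# Constructed example: example.test, port 80 and the root path are placeholders.
http {
    # Open-source nginx accepts only on | off | build here. The string form
    # (including "") is documented as part of the commercial subscription,
    # which is why `server_tokens "";` is rejected with "invalid value".
    # "off" removes the version from the Server header and from error pages,
    # but the header still reads "Server: nginx".
    server_tokens off;

    # Removes the Server header entirely. Assumption: the
    # headers-more-nginx-module is built into this nginx binary or loaded
    # with load_module in the main context.
    more_clear_headers 'Server';

    server {
        listen 80;
        server_name example.test;

        # Disable TRACE and TRACK explicitly.
        if ($request_method ~ ^(TRACE|TRACK)$) {
            return 405;
        }

        # "always" also sets the headers on error responses (4xx/5xx).
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;

        location / {
            root /usr/share/nginx/html;
        }
    }
}
```

`add_header` directives are inherited from the enclosing level only when the current level defines none of its own, so a `location` that adds any header must repeat these two. Verify the result with `nginx -t` and by inspecting the response headers of both a normal page and an error page.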