Do not expose server details

> Inspired by https://github.com/bunkerity/bunkerized-nginx

https://serverfault.com/a/1015876/448086

```
server_tokens "";
```

fails with: `#26 1.388 nginx: [emerg] invalid value "" in /etc/nginx/nginx.conf:35`

----

or

https://github.com/openresty/headers-more-nginx-module#more_clear_headers:

```
 more_clear_headers 'server';
```

> [Installation instructions](https://github.com/openresty/headers-more-nginx-module#installation) // [more headers](https://github.com/bunkerity/bunkerized-nginx/blob/33e0ffd5b1058fb6e702110f9240dd4703e075a3/misc/variables.env#L106)

> https://github.com/bunkerity/bunkerized-nginx/blob/master/helpers/install.sh#L491-L493

---

And https://www.upguard.com/blog/10-tips-for-securing-your-nginx-deployment

* Disable TRACE and TRACK.
* Configure Nginx to Include an X-Frame-Options Header.
* Modify Nginx Web Server Configuration/SSL for X-XSS protection

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Do not expose server details #63

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Do not expose server details #63

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions