icedicedavid (OP)
Full Member
Offline
Activity: 154
Merit: 100
Ice-Dice.com | Massive Referral Bonus!
|
|
October 27, 2013, 02:55:08 AM |
|
Sahil Saif recommended to turn Nginx's server_token off to remove Nginx version number from the header string.
"The server string is the header which is sent back to the client to tell them what type of http server you are running and possibly what version. This string is used by places like Alexia and Netcraft to collect statistics about how many and of what type of web server are live on the Internet. To support the author and statistics for Nginx we recommend keeping this string as is"
Since Nginx recommended keeping it as is, we don't think this is a security vulnerability but to thank Sahil Saif for his participation, a small reward will be given to him and he will be added to the non-severe award list.
|