Information
The Server and X-Powered-By response headers may disclose the underlying technology used by an application. An NGINX reverse proxy may pass these headers to clients unless it is explicitly directed to remove them.
Rationale:
Attackers can conduct reconnaissance on a website using these response headers, then target known vulnerabilities associated with the underlying technologies. Removing these headers reduces the likelihood of targeted attacks.
Solution
Implement the directives below as part of your location block. Edit /etc/nginx/nginx.conf and add the following:
location /docs {
    # ... existing directives ...
    proxy_hide_header X-Powered-By;
    proxy_hide_header Server;
    # ... existing directives ...
}
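One way to audit a configuration for this setting, as an added example that is not part of the original benchmark text: the function below walks an NGINX configuration and reports, for every location block containing proxy_pass, which of the two proxy_hide_header directives are missing. The sample configuration, upstream addresses and function name are constructed for illustration; the parser is simplified (no quoted strings containing braces, no include expansion) and looks only at directives written inside the location block itself, as the solution above prescribes.

```python
import re

REQUIRED = {"x-powered-by", "server"}

# Constructed sample configuration (not from the original page).
SAMPLE_CONF = """
server {
    listen 80;
    location /docs {
        proxy_pass http://127.0.0.1:8080;
        proxy_hide_header X-Powered-By;
        proxy_hide_header Server;
    }
    location /api {
        proxy_pass http://127.0.0.1:8081;
        proxy_hide_header X-Powered-By;   # Server is missing here
    }
    location /static {
        root /var/www;                    # not proxied, out of scope
    }
}
"""

def audit_locations(conf_text):
    """Return {location: sorted missing headers} for proxied location blocks."""
    text = re.sub(r"#[^\n]*", "", conf_text)          # drop comments
    tokens = re.findall(r"[{};]|[^\s{};]+", text)     # braces, ';', words
    stack, stmt, results = [], [], {}
    for tok in tokens:
        if tok == "{":                                # block opens: stmt is its header
            stack.append({"head": stmt, "hidden": set(), "proxied": False})
            stmt = []
        elif tok == ";":                              # directive ends
            if stack and stmt:
                if stmt[0] == "proxy_hide_header" and len(stmt) > 1:
                    stack[-1]["hidden"].add(stmt[1].lower())
                elif stmt[0] == "proxy_pass":
                    stack[-1]["proxied"] = True
            stmt = []
        elif tok == "}":                              # block closes: evaluate it
            block = stack.pop()
            if block["head"][:1] == ["location"] and block["proxied"]:
                name = " ".join(block["head"][1:])
                results[name] = sorted(REQUIRED - block["hidden"])
            stmt = []
        else:
            stmt.append(tok)
    return results
```

An empty list for a location means both directives are present; any header name listed is still unhidden for that proxied location.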
Default Value:
This is not implemented by default.