The Problem

Hiding server header is important to hide a potential bot which is targeting a vulnerability found in the server you are running.


1 Obvious way!

Obvious way is Nginx/OpenResty honors the server signature sent by the proxy.

proxy_pass_header Server;

2 Using lua (In case of OpenResty)

  location / {
    content_by_lua_block {
            ngx.header['server'] = 'WoWSome'
    access_by_lua_block {
        ngx.header['server'] = 'WoWSome'
    try_files $uri @app;

3 Probably the worst way of all.

You can use headers-more-nginx-module but for that you will need to compile it.

Once it is done you can simply use more_set_headers

	more_set_headers 'Server: WoWSome';

Worth Sharing?