From 2739a8c02fff5b9008b4fb0ef03923dcd9c28b56 Mon Sep 17 00:00:00 2001
From: marjatech <72734273+marjatech@users.noreply.github.com>
Date: Fri, 2 Aug 2024 10:54:59 +0200
Subject: [PATCH] hide nginx version from response headers (#99)
---
 core/files/etc/nginx/includes/misp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/files/etc/nginx/includes/misp b/core/files/etc/nginx/includes/misp
index 0602dd1..f508138 100644
--- a/core/files/etc/nginx/includes/misp
+++ b/core/files/etc/nginx/includes/misp
@@ -14,8 +14,9 @@ add_header X-Permitted-Cross-Domain-Policies "none" always;
 add_header X-Robots-Tag "none" always;
 add_header X-XSS-Protection "1; mode=block" always;
-# remove X-Powered-By, which is an information leak
+# remove X-Powered-By and nginx version, which is an information leak
 fastcgi_hide_header X-Powered-By;
+server_tokens off;
 location / {
 try_files $uri $uri/ /index.php$is_args$query_string;
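Review bot: `server_tokens off;` is added inside an include file, so it only takes effect in the server blocks that pull in `includes/misp`. Any other server block, such as a plain-HTTP redirect listener if the deployment has one (not visible in this patch), would still send the version in its `Server` header and on nginx-generated error pages. Setting the directive once in the `http` context of the main nginx configuration would cover every listener. The comment could also say that the header itself remains, e.g. `# remove X-Powered-By and the nginx version (the Server header still names nginx)`. The `location /` block continues past the end of the hunk.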