I request that the Server information (e.g., OpenResty/Nginx version) that appears in my web server’s (OpenResty/Nginx Reverse Proxy) HTTP response headers be completely hidden or removed. This information leakage poses a risk of information disclosure to cyber attackers. Please ensure that the server_tokens off; setting is enabled in the Nginx global configuration.
2. PHP Error Display Security:
To prevent the leakage of sensitive information from my site, I kindly request that the display_errors directive in the PHP configuration be set to Off globally.
These security measures are critical for my live site.
Hi and welcome to the forum! This is not the right category to post support requests; they should go on Hosting Support next time.
For the first one, OpenResty’s version is already hidden in the configuration file, but the header cannot be completely removed; plus this is shared web hosting, so that change can’t be done by yourself.
As for the second one, display_errors should be already set to Off, but whether or not it’s enabled depends on how you set up your website’s software, though now I checked your website and it doesn’t look like it’s using a CMS. For WordPress, if you were using it, you should look for whether the WP_DEBUG constant in your wp-config.php file is off. Also, check your .htaccess file in your domain’s htdocs folder for anything that enables it and, if so, remove that line and save the file.
Please don’t blindly trust what nonsense your AI is spoonfeeding you, and then use AI to generate more nonsense to waste our time with non-existent issues.
The Server header only says “openresty”. It doesn’t display any version information. It doesn’t remove the Server header entirely, but this is exactly the behavior that using server_tokens off does.
The display_errors directive is disabled globally. However, we provide the option to enable it for individual websites for debugging purposes. If it’s enabled for your site, it means that you enabled it. Which means that if you want to disable it again, you can just do so yourself.
Please don’t come here and demand “urgent security hardening” for “critical security issues” that don’t exist.
Thank you, teacher. Thank you for the information. You are right. I need to pay more attention. The translation can sometimes be wrong. Please excuse me.
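The two checks discussed in the replies above, as an added example that is not part of the original thread: whether a Server header value carries a version token, and whether a site's own files switch display_errors back on. The sample header values and file contents are constructed, and the ini_set() pattern goes beyond the .htaccess and wp-config.php checks the thread names.

```python
import re

# With server_tokens off the Server header is a bare product name ("openresty");
# a "/<digits>" suffix is what would expose a version.
VERSION_TOKEN = re.compile(r"/\d+(\.\d+)*")

# Per-site settings that turn PHP error display on despite a global Off.
ENABLERS = [
    # .htaccess directive
    re.compile(r"^\s*php_(?:flag|value)\s+display_errors\s+(?:on|1|true|yes|stdout)\b", re.I),
    # wp-config.php debug constant mentioned in the thread
    re.compile(r"define\(\s*['\"]WP_DEBUG['\"]\s*,\s*true\s*\)", re.I),
    # runtime override in application code (assumption: not named in the thread)
    re.compile(r"ini_set\(\s*['\"]display_errors['\"]\s*,\s*['\"]?(?:on|1|true|yes|stdout)['\"]?\s*\)", re.I),
]

def server_header_leaks_version(header_value):
    """True if the Server header value includes a version number."""
    return bool(VERSION_TOKEN.search(header_value))

def find_enablers(files):
    """Return (file, line number, line) for each active line enabling error display."""
    findings = []
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            stripped = line.strip()
            # Skip commented-out lines (.htaccess '#', ini ';', PHP '//' and '#').
            if stripped.startswith(("#", ";", "//")):
                continue
            if any(p.search(line) for p in ENABLERS):
                findings.append((name, lineno, stripped))
    return findings

# Constructed sample input, not taken from any real site.
SAMPLE_FILES = {
    "htdocs/.htaccess": "RewriteEngine On\n# php_flag display_errors on\nphp_flag display_errors on\n",
    "htdocs/wp-config.php": "<?php\ndefine( 'WP_DEBUG', true );\n// ini_set('display_errors', 1);\n",
    "htdocs/index.php": "<?php\nini_set('display_errors', '0');\necho 'ok';\n",
}

if __name__ == "__main__":
    for value in ("openresty", "openresty/1.2.3.4"):  # second value is constructed
        print(value, "-> version exposed:", server_header_leaks_version(value))
    for name, lineno, line in find_enablers(SAMPLE_FILES):
        print(f"{name}:{lineno}: {line}")
```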