fastcgi_ignore_headers
The `fastcgi_ignore_headers` directive configures NGINX to ignore specific HTTP headers returned by FastCGI responses.
Description
The fastcgi_ignore_headers directive is used to specify which headers from FastCGI responses should be ignored by NGINX when processing the response. By default, NGINX passes all FastCGI response headers back to the client. However, in certain situations, you may want to suppress specific headers to prevent them from being sent to clients, such as certain security-related headers or headers modifying the caching behavior.
This directive accepts one or more header names as arguments. When a header specified in this directive is present in a FastCGI response, NGINX will completely ignore it and not relay it to the client. This can be particularly useful in securing your application and managing how certain responses are handled without altering your upstream application’s behavior. For instance, ignoring X-Powered-By can help protect against revealing the server technology in use.
The fastcgi_ignore_headers directive can be utilized in http, server, and location contexts, allowing flexible use across different configurations. You can specify any combination of headers to ignore, providing granular control over what information is exposed to clients.
Config Example
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_ignore_headers X-Powered-By;
include fastcgi_params;
}Be careful when ignoring headers that may affect caching or client behavior.
Ensure the headers specified for ignoring do not contain critical information needed by your application.
Misconfiguration may lead to security risks if sensitive headers are unnecessarily exposed.