proxy_hide_header
The 'proxy_hide_header' directive removes specified headers from the response received by the client when using proxy_pass.
Description
The proxy_hide_header directive instructs NGINX to remove specific HTTP response headers from the upstream server before sending the response to the client. This can be useful for security or privacy purposes, allowing you to prevent sensitive information from being exposed in the headers of responses. The directive can be defined at the http, server, or location context, providing flexibility for configuration based on different scopes of your NGINX server. Parameters for the directive consist of the header name that needs to be omitted from the response.
When utilizing the proxy_hide_header directive, it's important to include valid header names as arguments. If a specified header is not present in the response from the upstream server, there is no adverse effect; NGINX simply omits it without any errors. The directive can be included multiple times to hide multiple headers, ensuring comprehensive control over what information is sent back to clients. Users must be cautious when configuring this directive to ensure that critical headers necessary for application function aren't unintentionally removed, which could lead to unexpected behavior.
Config Example
location /api {
proxy_pass http://backend;
proxy_hide_header X-Powered-By;
}Ensure the header name is correct and matches the case of the header in the response, as headers are case-insensitive in HTTP but may be treated case-sensitively in configuration files.
Multiple instances of this directive can be used; ensure that you check for typos to avoid confusing behavior with hidden headers.
Be cautious when hiding headers that contain important security or application information that may be needed for proper client function.