scgi_hide_header

The `scgi_hide_header` directive instructs NGINX to exclude specific headers from the response sent to clients when using the SCGI protocol.

Syntax: scgi_hide_header header_name;
Default: none
Context: http, server, location
Arguments: 1

Description

The scgi_hide_header directive is used to control which headers from the upstream server should not be included in the response returned to the client. This allows administrators to manage the exposure of certain headers for privacy or security reasons. It takes one argument, which specifies the name of the header to hide. This directive can be placed in the http, server, or location contexts, providing flexibility depending on the architecture of the application.

When scgi_hide_header is specified, NGINX removes the named header from the upstream response before sending that response to the client. This is particularly useful when you control the upstream application and want to sanitize or simplify the headers sent to clients, preventing sensitive or unnecessary information from being exposed. To hide several headers, use several scgi_hide_header directives, on separate lines or in separate contexts.

By ensuring that only relevant and safe headers reach the client, the directive also contributes to a cleaner API response. Used properly, scgi_hide_header supports security best practices by limiting the information your application discloses.

Config Example

location /api {
    scgi_pass 127.0.0.1:4000;
    scgi_hide_header X-Powered-By;
    scgi_hide_header Server;
}

Ensure that the header name is correctly spelled, as it is case-sensitive.

Be cautious about hiding essential headers that might be needed by clients for processing responses.

Using the directive several times, or at several configuration levels, can lead to confusion; check that the headers actually hidden are the ones you intended.
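
The following configuration is an added example, not part of the original page, showing how the directive behaves across configuration levels: NGINX inherits the scgi_hide_header list from the enclosing level only when the current level declares no scgi_hide_header of its own. The listen port, the location paths and the X-Debug-Trace header name are assumptions made for illustration.

```nginx
# Constructed example: port, paths and X-Debug-Trace are assumptions.
server {
    listen 80;

    # Applies to every location below that declares no scgi_hide_header itself.
    scgi_hide_header X-Powered-By;

    location /api {
        include   scgi_params;
        scgi_pass 127.0.0.1:4000;
        # No scgi_hide_header here: the server-level list is inherited,
        # so X-Powered-By is removed from responses.
    }

    location /reports-weak {
        include   scgi_params;
        scgi_pass 127.0.0.1:4000;
        # Weak: declaring the directive at this level replaces the inherited
        # list instead of extending it. X-Debug-Trace is hidden, but
        # X-Powered-By from the upstream reaches the client again.
        scgi_hide_header X-Debug-Trace;
    }

    location /reports {
        include   scgi_params;
        scgi_pass 127.0.0.1:4000;
        # Corrected: restate every header that must stay hidden at this level.
        scgi_hide_header X-Powered-By;
        scgi_hide_header X-Debug-Trace;
    }
}
```

After reloading, `nginx -t` confirms the syntax, and a `curl -sI` request against each location shows which headers actually reach the client.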
