Nginx
Nginx is designed for high performance and low resource usage and is commonly deployed as a reverse proxy or load balancer in front of application servers.
It uses an event-driven architecture in which each worker process handles many connections in a single thread, which lets it serve static content efficiently and sustain a large number of concurrent connections with minimal memory. Because it sits in front of the application, it is also where most of the headers below are set, stripped or (if misconfigured) passed through untouched.
Headers List

Server: nginx/1.18.0 (Ubuntu)
Discloses the Nginx version and the OS, letting an attacker match the build against known CVEs. server_tokens off reduces this to "Server: nginx".

X-Powered-By: PHP/7.4.3
Reveals backend technologies and their versions. Strip it at the proxy (proxy_hide_header) or stop the backend from emitting it.

X-Forwarded-For: 192.168.1.1
A client can send any value in this header. If the application (or nginx itself) trusts the client-supplied value instead of the address of the connecting proxy, spoofing it can bypass IP-based rate limits or access controls.

X-Forwarded-Host: evil.com
If the application blindly uses this value to build absolute URLs, password-reset links or cache keys, manipulating it to evil.com can lead to cache poisoning or host header injection.

X-Forwarded-Proto: http
If the application trusts this header to decide whether the request arrived over HTTPS, forcing http instead of https can make it emit http:// links, skip its HTTPS redirect or set cookies without the Secure flag, exposing traffic to MITM. The proxy should overwrite it with the real scheme rather than pass it through.

Strict-Transport-Security: max-age=31536000; includeSubDomains
Missing this header allows SSL stripping on the first plaintext request. A short max-age weakens it, and max-age=0 removes the policy entirely. The header is only honored when received over HTTPS.

Content-Security-Policy: default-src 'self'
A weak CSP like default-src * (or one that permits 'unsafe-inline') allows loading scripts from any origin and does little to stop XSS.

X-Content-Type-Options: nosniff
Missing this header lets browsers MIME-sniff responses and treat a file served as text/plain as text/html, leading to MIME confusion and content-sniffing XSS.

X-Frame-Options: DENY
Absence of this header (or of a CSP frame-ancestors directive) allows clickjacking.

X-XSS-Protection: 1; mode=block
Legacy header controlling the browser's built-in XSS auditor. Chromium-based browsers removed the auditor in 2019 and Firefox never implemented it, and the filter itself was abused for cross-site leaks, so the recommended value today is X-XSS-Protection: 0 with a real CSP doing the work. Only very old browsers gain anything from 1; mode=block.

Cache-Control: no-store
Misconfigured caching (e.g., Cache-Control: public on an authenticated response) can leave sensitive data in shared caches or on disk.

Set-Cookie: sessionid=123; Secure; HttpOnly; SameSite=Strict
Missing Secure or HttpOnly (e.g., Set-Cookie: sessionid=123) exposes the cookie to theft via MITM or XSS; a missing SameSite attribute weakens CSRF protection.

Location: https://example.com/login
Open redirects (e.g., Location: https://evil.com built from a user-controlled parameter) can be abused for phishing or to bypass allow-lists in SSRF filters.

Access-Control-Allow-Origin: *
Overly permissive CORS lets other origins read responses. With * browsers refuse to send credentials, so it mainly exposes data that was already public; the dangerous variant is reflecting an arbitrary Origin together with Access-Control-Allow-Credentials: true, which lets any site read authenticated responses.

Proxy-Authenticate: Basic realm="Proxy"
Reveals that a proxy requires authentication and which scheme and realm it uses. Basic credentials sent to it can be brute-forced, and the realm name aids internal recon.

Via: 1.1 proxy.example.com
Reveals internal proxies (e.g., Via: 1.1 internal-proxy), aiding infrastructure mapping.

ETag: "123abc"
ETags derived from file metadata (nginx builds them from modification time and size; Apache's default historically included the inode number) can fingerprint a server or track a user across requests without cookies.
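The following server block is an added example, not configuration from the original page or from the nginx project. It sets the hardened values from the list above and, on the proxy side, overwrites the X-Forwarded-* headers so the upstream never sees client-supplied ones. The hostname, certificate paths and upstream address are placeholders; it assumes nginx terminates TLS and is the only proxy in front of the application.

```nginx
server {
    listen 443 ssl;
    server_name example.com;                            # placeholder

    ssl_certificate     /etc/nginx/tls/example.com.crt; # placeholder paths
    ssl_certificate_key /etc/nginx/tls/example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # "Server: nginx/1.18.0 (Ubuntu)" becomes "Server: nginx". Removing the
    # header entirely requires the third-party headers-more module.
    server_tokens off;

    # Strip backend technology disclosure such as "X-Powered-By: PHP/7.4.3".
    proxy_hide_header X-Powered-By;

    # Response hardening. "always" also emits the header on 4xx/5xx responses,
    # which add_header otherwise skips.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # Legacy auditor is gone from current browsers; 0 avoids its XS-leak abuse.
    add_header X-XSS-Protection "0" always;

    # Caveat: add_header directives are inherited from this server block ONLY
    # into location blocks that declare no add_header of their own. A location
    # that adds e.g. Cache-Control must repeat the whole set (or include a file).

    location / {
        proxy_pass http://127.0.0.1:8080;               # placeholder upstream

        # Forwarding headers are set from nginx's own view of the connection,
        # replacing whatever the client sent, so the app cannot be tricked
        # into believing the request was plaintext or came from another host.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP         $remote_addr;
        # $proxy_add_x_forwarded_for would APPEND $remote_addr to a client-
        # supplied X-Forwarded-For; with a single proxy, send only the real peer.
        proxy_set_header X-Forwarded-For   $remote_addr;

        # Enforce cookie flags on the upstream's Set-Cookie (nginx 1.19.3+).
        proxy_cookie_flags sessionid secure httponly samesite=strict;
    }
}
```

Validate with nginx -t and confirm the result with curl -sI https://example.com/, checking an error page as well, since that is where a missing "always" shows up. If another load balancer sits in front of nginx, keep $remote_addr for the app but add set_real_ip_from with that balancer's address and real_ip_header X-Forwarded-For, so only the trusted hop's value is honored.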