The PHP version is revealed in the HTTP headers by default on nginx. This can be demonstrated by CURLing the URL of your choice.
curl -I https://www.yoururl.com/
This is dangerous as attackers can run automated scripts to find your vulnerable PHP version (then, for example, adding it into a database of websites to hack).
To fix this, add this code under http in your php.ini:
Then restart using:
systemctl restart php<version>-php-fpm (in CentOS)