The PHP version is revealed in the HTTP headers by default on nginx. This can be demonstrated by CURLing the URL of your choice.

curl -I

Hide PHP Nginx Curl X-Powered-By.jpg

This is dangerous as attackers can run automated scripts to find your vulnerable PHP version (then, for example, adding it into a database of websites to hack).

To fix this, add this code under http in your php.ini:

expose_php off;

Then restart using:

systemctl restart php<version>-php-fpm (in CentOS)