I noticed some of your nginx/openresty web servers return server headers:
HTTP/1.1 403 Forbidden
Server: openresty/1.19.3.1
Generally, I flag this as limited unless it can be exploited (not to
mention it looks up to the latest release). I'm not sure if this is
intentional but just recommend configuring nginx/openresty to not return
the Server header.
From SAR