Question:
Why is it important to remove X-Powered-By from response headers?
Does this prevent some kind of attack, or prevent "inside information" from the attacker?
Example:
X-Powered-By: PHP/5.5.9-1ubuntu4.11
And what are the possible ways, in PHP, to remove them?
Answer:
It prevents neither; in fact, I believe that it passes on information beyond what is necessary, revealing the environment. I don't use this header as a safety factor. You can remove it either in the INI or in PHP itself.
Removing via INI: expose_php = Off
Removing by PHP: header_remove( 'X-Powered-By' )
The header_remove function is available for PHP 5 >= 5.3.0
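
A check to run after applying either change, added here as an example and not part of the original answer: it parses a response's header block and reports the headers that reveal the software stack. Covering Server and X-AspNet-Version goes beyond the X-Powered-By case on this page and is an assumption of the example; the sample responses are constructed.

```python
import re
from email.parser import Parser  # HTTP header fields parse like RFC 5322 fields

# X-Powered-By is the header discussed on this page; the other two are
# an assumption added for this example.
DISCLOSURE_HEADERS = ("x-powered-by", "server", "x-aspnet-version")

# A product token followed by a version, e.g. "PHP/5.5.9-1ubuntu4.11".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.+-]*/\d[\w.+~-]*")


def find_disclosures(raw_response: str) -> list[tuple[str, str, bool]]:
    """Return (header, value, has_version) for each stack-revealing header.

    raw_response is the status line plus header block (a body may follow).
    """
    # Keep only the part before the blank line, then drop the status line.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _, _, header_block = head.partition("\n")
    message = Parser().parsestr(header_block, headersonly=True)

    findings = []
    for name, value in message.items():
        if name.lower() in DISCLOSURE_HEADERS:
            findings.append((name, value, bool(VERSION_TOKEN.search(value))))
    return findings


# Constructed sample responses: before and after the header is removed.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Powered-By: PHP/5.5.9-1ubuntu4.11\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    for label, response in (("before", BEFORE), ("after", AFTER)):
        print(label, find_disclosures(response))
```

In practice the raw text would come from a saved response such as the output of `curl -sI` against your own site.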