Why is it important to remove
X-Powered-By from response headers?
Does this prevent some kind of attack, or prevent "inside information" from the attacker?
And what are the possible ways, in PHP, to remove them?
It neither prevents nor prevents, in fact, I believe that it passes information beyond what is necessary, informing the environment. I don't use this header as a safety factor. You can remove it either in the
INI or in
expose_php = Off
header_remove( 'X-Powered-By' )
The header_remove function is available for PHP 5 >= 5.3.0