php – Why is it important to remove X-Powered-by from response headers? How to remove?


Why is it important to remove X-Powered-By from response headers?

Does this prevent some kind of attack, or prevent "inside information" from the attacker?


X-Powered-By: PHP/5.5.9-1ubuntu4.11

And what are the possible ways, in PHP, to remove them?


It neither prevents nor prevents, in fact, I believe that it passes information beyond what is necessary, informing the environment. I don't use this header as a safety factor. You can remove it either in the INI or in PHP itself.

Removing via INI : expose_php = Off

Removing by PHP : header_remove( 'X-Powered-By' )

The header_remove function is available for PHP 5 >= 5.3.0

Scroll to Top