Removing X-Powered-By:PHP header

from HTTP response header

Removing X-Powered-By:PHP header

from HTTP response header

Many times, headers like X-Powered-By: PHP or any other programing language is found in HTTP response headers which is never a good Practice.

In order to remove X-Powered-By header, follow below steps:

  1. Open your php.ini file in any editor.
  2. Find string expose_php

    ; Decides whether PHP may expose the fact that it is installed on the server
    ; (e.g. by adding its signature to the Web server header).  It is no security
    ; threat in any way, but it makes it possible to determine whether you use PHP
    ; on your server or not.
    
    expose_php = On
  3. Change value of expose_php from On to Off: It will look like this

    expose_php=off
  4. Reload the server and you will notice absence of the X-Powered-By:PHP header in HTTP response