Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Php hide/remove X-Powered-By HTTP header
Page 1 of 1

Author:  mandrei99 [ Thu Jan 15, 2015 9:35 pm ]
Post subject:  Php hide/remove X-Powered-By HTTP header

Inspecting HTTP traffic at layer 7 on a fresh http/php web server yelds some interesting results: A php header that exposes the php version.
Here is http traffic as seen on the network with tcpdump:
Server: nginx
Date: Fri, 16 Jan 2015 00:11:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.20
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Content-Encoding: gzip

How to configure php from exposing "X-Powered-By" header:. Edit php.ini and change following value:
expose_php = off

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group