Disable `X-Powered-By` Header by Default #417

Maarten-Dekker · 2024-08-30T15:55:41Z

Maarten-Dekker
Aug 30, 2024

I would like to propose disabling the X-Powered-By header by default. This header, which reveals the PHP version is currently included in HTTP responses. Sending these types of HTTP headers:

does not provide any value to the user experience
contributes to header bloat
exposes information to potential attackers about the technology stack being used

See https://webhint.io/docs/user-guide/hints/hint-no-disallowed-headers/?source=devtools.

Proposed Solution

Set expose_php = On to expose_php = Off by default in php.ini.

jaydrogers · 2024-09-11T16:08:37Z

jaydrogers
Sep 11, 2024
Maintainer

Thanks for pointing this out! I will put this in the next release 👍

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Disable `X-Powered-By` Header by Default #417

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Disable X-Powered-By Header by Default #417

Uh oh!

Uh oh!

Maarten-Dekker Aug 30, 2024

Proposed Solution

Replies: 1 comment

Uh oh!

jaydrogers Sep 11, 2024 Maintainer

Disable `X-Powered-By` Header by Default #417

Maarten-Dekker
Aug 30, 2024

jaydrogers
Sep 11, 2024
Maintainer