Remove X-Powered-By php from HTTP response header
Why its a good idea to hide X-Powered-By PHP
How to hide the PHP version in the HTTP Response Headers otherwise know as (remove the X-Powered-By php version). To not let everyone else know that we are using php or maybe an old version of php we can hide this information from the response headers. For a security point of view this is a very good thing to do because we do not want to show our vulnerable information in the response headers. By hiding this information we discourage hackers to try to exploit these vulnerabilities.
More security settings
I also have other tutorials that will help you hide your nginx version number or to rename the server attribute completely. I recommend you to check them out if you care about securing your web server.
Remove X-Powered-By PHP
php.ini file. If you installed a default version using linux apt-get command then you can find the file as following:
sudo nano /etc/php5/fpm/php.ini
Look for the
expose_php attribute on the default configuration file it is somewhere at line 366. To disable the php version in the HTTP Response Headers set the expose_php to Off. This will eliminate the X-Powered-By php sent from the HTTP Response Header.
expose_php = Off
sudo service php5-fpm restart
Testing the output
To test your HTTP Response Headers I use curl -I. The -I option will give us the response headers back.
curl -I example.com
As you can see the X-Powered-By is no longer located in the HTTP Response Headers.
HTTP/1.1 200 OK Server: nginx Date: Wed, 05 Nov 2014 21:00:36 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding