Menu
To remove the X-Powered-By header, you can use: <? php header_remove( name: 'X-Powered-By' ); As you can see, you only have to pass the header name as a string as parameter, and you are done.
As far as I know, the removal of these headers is facilitated with the Request Filtering module, which is part of IIS. Add this web. config to your net core application's root folder. Then it will remove the x-powered-by header.
I think that is controlled by the expose_php setting in PHP.ini:
expose_php = off
Decides whether PHP may expose the fact that it is installed on the server (e.g. by adding its signature to the Web server header). It is no security threat in any way, but it makes it possible to determine whether you use PHP on your server or not.
There is no direct security risk, but as David C notes, exposing an outdated (and possibly vulnerable) version of PHP may be an invitation for people to try and attack it.
header_remove("X-Powered-By");
https://secure.php.net/manual/en/function.header-remove.php
If you cannot disable the expose_php directive to mute PHP’s talkativeness (requires access to the php.ini), you could use Apache’s Header directive to remove the header field:
Header unset X-Powered-By
if (function_exists('header_remove')) {
header_remove('X-Powered-By'); // PHP 5.3+
} else {
@ini_set('expose_php', 'off');
}
If you have an access to php.ini, set expose_php = Off.
If you use FastCGI try:
fastcgi_hide_header X-Powered-By;
Try adding a header() call before sending headers, like:
header('X-Powered-By: Our company\'s development team');
regardless of the expose_php setting in php.ini
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With