
What does "x-powered by" mean?

I'm just curious to know what "x-powered by" means when we try to find the Web Server Information about some website.

What I'm trying:

Actually, I'm trying to find out what technologies different websites are using. But the confusion arises when the "Web Server Information" for one particular website shows x-powered-by: ZendServer 8.5.0,ASP.NET, which shows ZendServer, which is for PHP, and ASP.NET, which is the opposite (technology) to PHP. The bad question that comes to my mind after seeing this x-powered-by information is "Are they using both at a time?"

Ali Mohyudin asked Nov 07 '15 08:11





2 Answers

"X-Powered-By" is a common non-standard HTTP response header (most headers prefixed with an 'X-' are non-standard). It's often included by default in responses constructed via a particular scripting technology.

It's important to note that it can be disabled and/or manipulated by the server. Some servers choose not to include it or even to provide misleading information to throw off hackers that might target a particular technology/version.

If I wanted to send out that response header in a PHP script it's as simple as including the following code:

header('x-powered-by: ZendServer 8.5.0,ASP.NET');

It cannot necessarily be trusted. The server in question could very well be using some combination of technologies you mentioned, or perhaps neither. It can be a helpful start, but there is no way to definitively tell what scripting software is being used on a server simply from an HTTP response.

rawb answered Oct 01 '22 21:10



It – like all headers – is sent by the server (including any web application running on that server). Or it could be set by an intermediate proxy.

X-Powered-By is set by various servers to say what kind of server it is.

Software installed on that server might override the server's default.

There is an argument that giving this information to clients gives information that can only serve to help attackers (just a little bit: saves working out what kind of server).

Summary: set by server, at best informational, at worst could make attacks a tiny bit easier.

Richard answered Oct 01 '22 20:10

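An added example, not part of either answer: HTTP treats repeated header fields of the same name as one comma-separated list, so a value like the one in the question can arise when two layers each add the header. The Python check below audits a response for that and for version disclosure. The sample response is constructed, the names `powered_by_tokens` and `audit` are hypothetical, and whether the site in the question is set up this way is an assumption.

```python
import re

# Constructed sample: a response in which two layers (for example an
# application runtime and a front-end server or proxy) each add the header.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Powered-By: ZendServer 8.5.0\r\n"
    "x-powered-by: ASP.NET\r\n"
    "\r\n"
    "<html></html>"
)

# A dotted number such as 8.5.0 is treated as a disclosed version.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def powered_by_tokens(raw_response):
    """Return every X-Powered-By product token, in order of appearance."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    tokens = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if sep and name.strip().lower() == "x-powered-by":
            # Repeated fields and one comma-separated value are equivalent.
            tokens += [t.strip() for t in value.split(",") if t.strip()]
    return tokens


def audit(raw_response):
    """Report what the header discloses; none of it is verified fact."""
    tokens = powered_by_tokens(raw_response)
    return {
        "combined": ",".join(tokens),
        "tokens": tokens,
        "discloses_version": [t for t in tokens if VERSION_RE.search(t)],
        "multiple_sources": len(tokens) > 1,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

Run against your own server's responses, a non-empty `discloses_version` list points at the layer whose default header still needs to be turned off.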