Skip to main content

.htaccess Remove te X-Powered-By response header

Remove te X-Powered-By response header

Some frameworks, like PHP and ASP.NET, set an X-Powered-By header that contains information about them (e.g.: their name, version number, etc.)

The following example, the X-Powered-By header doesn't provide any value, and in some cases, the information it provides can expose vulnerabilities

<IfModule mod_headers.c>
  Header unset X-Powered-By
  Header always unset X-Powered-By
</IfModule>
note

If you can, you should disable the X-Powered-By header from the language/framework level.

For example, in PHP, you can do that by setting the following in php.ini

php.ini
expose_php = off;

Table of Contents