Skip to main content

.htaccess Remove te X-Powered-By response header

Remove te X-Powered-By response header

Some frameworks, like PHP and ASP.NET, set an X-Powered-By header that contains information about them (e.g.: their name, version number, etc.)

The following example, the X-Powered-By header doesn't provide any value, and in some cases, the information it provides can expose vulnerabilities

<IfModule mod_headers.c>
Header unset X-Powered-By
Header always unset X-Powered-By

If you can, you should disable the X-Powered-By header from the language/framework level.

For example, in PHP, you can do that by setting the following in php.ini

expose_php = off;