Php hide/remove X-Powered-By HTTP header

By On Saturday, April 9th, 2016 Categories : Artikel
Inspecting HTTP traffic at layer 7 on a fresh http/php web server yelds some interesting results: A php header that exposes the php version.
Here is http traffic as seen on the network with tcpdump:

Code:
Server: nginx
Date: Fri, 16 Jan 2015 00:11:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.20
Cache-Control: private, no-cache=”set-cookie”
Expires: 0
Pragma: no-cache
Content-Encoding: gzip

How to configure php from exposing “X-Powered-By” header:. Edit php.ini and change following value:

Code:
expose_php = off
White Socks Only, The Chilbury Ladies' Choir, My Brother Sam Is Dead, The Perfect Illusion, Living with a Wild God: A Nonbeliever's Search for the Truth about Everything, All the Light We Cannot See, Physis (Phoebe Reede: The Untold Story #4), Aussie Migrant: Jobs: A Migrant's Essential Guide to Employment in Australia (Migrant Ninja Series Book 2), Going Down Hard (Billionaire Bad Boys, #3), The Ordinary Princess, Everything I Never Told You, The True Confessions of Charlotte Doyle, The Boomerang Clue, Nightlight: A Parody, Amaryllis (St. Helen's, #1), A Última Estrela (A 5ª Vaga, #3), Awakened Dragons (Gem Dragons) Complete Series, Harry Potter Collection (Harry Potter, #1-6), The Forced Bride of Alazar (Seduced by a Sheikh #2), Radiant Child: The Story of Young Artist Jean-Michel Basquiat