Php hide/remove X-Powered-By HTTP header

By On Saturday, April 9th, 2016 Categories : Artikel
Inspecting HTTP traffic at layer 7 on a fresh http/php web server yelds some interesting results: A php header that exposes the php version.
Here is http traffic as seen on the network with tcpdump:

Code:
Server: nginx
Date: Fri, 16 Jan 2015 00:11:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.20
Cache-Control: private, no-cache=”set-cookie”
Expires: 0
Pragma: no-cache
Content-Encoding: gzip

How to configure php from exposing “X-Powered-By” header:. Edit php.ini and change following value:

Code:
expose_php = off
29008221, 29008222, 29008223, 29008224, 29008225, 29008226, 29008227, 29008228, 29008229, 29008230, 29008231, 29008232, 29008233, 29008234, 29008235, 29008236, 29008237, 29008238, 29008239, 29008240, 29008241, 29008242, 29008243, 29008244, 29008245, 29008246, 29008247, 29008248, 29008249, 29008250, 29008251, 29008252, 29008253, 29008254, 29008255, 29008256, 29008257, 29008258, 29008259, 29008260