Objective
The default PHP configuration adds an ‘X-Powered-By’ HTTP response header that reveals the PHP version installed on the web server.
For security reasons, it is recommended that you hide this information from attackers who might be targeting your server.
Solution
Edit your PHP configuration file /etc/php.ini and add the following:
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off
Restart Apache
[root@nowherelan]# systemctl restart httpd.service
Go to Geek Flare’s Test Site and check your website’s HTTP response headers. They should no longer include the ‘X-Powered-By’ header or the version of PHP installed.
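The same check can be done locally from the shell. The script below is an added example, not part of the original post: it reads the effective expose_php value from a php.ini file and looks for X-Powered-By in a set of response headers. The function names, the sample data and the http://localhost/ URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): local checks for expose_php.

# Print the effective expose_php value in a php.ini file, lowercased.
# The last active assignment wins; ';' comment lines are ignored.
# Prints "unset" when absent (PHP's built-in default, On, then applies).
effective_expose_php() {
    val=$(sed -n 's/^[[:space:]]*expose_php[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*$/\1/p' "$1" \
          | tail -n 1 | tr -d '"' | tr 'A-Z' 'a-z')
    printf '%s\n' "${val:-unset}"
}

# Succeed only if the file explicitly turns expose_php off.
expose_php_is_off() {
    case "$(effective_expose_php "$1")" in
        off|0|false|no|none) return 0 ;;
        *) return 1 ;;
    esac
}

# Read raw response headers on stdin; print any X-Powered-By line and
# succeed if one is present (header names are case-insensitive).
powered_by_header() {
    tr -d '\r' | grep -i '^x-powered-by:'
}

# Constructed sample data, so the example runs offline.
sample_ini=$(mktemp)
printf '%s\n' '; expose_php = On' 'expose_php = On' \
    ' expose_php = Off ; hardened' > "$sample_ini"
sample_headers=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nx-powered-by: PHP/7.3.0\r\n\r\n')

echo "php.ini value: $(effective_expose_php "$sample_ini")"
if printf '%s' "$sample_headers" | powered_by_header >/dev/null; then
    echo "X-Powered-By still present in sample response"
fi
rm -f "$sample_ini"

# Against the real system (path from this page, URL assumed):
#   expose_php_is_off /etc/php.ini && echo "config OK"
#   curl -s -o /dev/null -D - http://localhost/ | powered_by_header || echo "header gone"
```

If the file says Off but the header is still returned, Apache has usually not been restarted yet or PHP is loading a different configuration file.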
My System Configuration
- CentOS 7
- Apache 2.4
- PHP 7.3