The x-powered-by option is included within the HTTP response header by default, which reveals exactly which version of PHP your site uses. So that not everyone else knows that we are using PHP or maybe an older version of PHP, we can hide this information from the answer header. As far as security is concerned, this is a very good thing because we do not want to show our vulnerable information in the response header.
How to check if the PHP version is displayed in the header? On Google Chrome right-click anywhere on the website and click “Inspect Element”, then navigate to Networks tab and under the list of loaded resources for the page click on the “Header”:
How to hide PHP version in the HTTP Header?
Method 1. Edit the php.ini file
Set expose_php = Off and restart PHP service afterwards.
Method 2. Edit .htaccess file
Header always unset X-Powered-By Header unset X-Powered-By
Method 3. Within the PHP code
<?php header_remove("X-Powered-By"); ?>
<?php header("X-Powered-By: Magic"); ?>
