How to hide PHP version in the HTTP Header

The x-powered-by option is included within the HTTP response header by default, which reveals exactly which version of PHP your site uses. So that not everyone else knows that we are using PHP or maybe an older version of PHP, we can hide this information from the answer header. As far as security is concerned, this is a very good thing because we do not want to show our vulnerable information in the response header.

How to check if the PHP version is displayed in the header? On Google Chrome right-click anywhere on the website and click “Inspect Element”, then navigate to Networks tab and under the list of loaded resources for the page click on the “Header”:


How to hide PHP version in the HTTP Header?

Method 1. Edit the php.ini file

Set expose_php = Off and restart PHP service afterwards.

wxpose_php = Off in

Method 2. Edit .htaccess file

Header always unset X-Powered-By
Header unset X-Powered-By
Header unset X-Powered-By in .htaccess

Method 3. Within the PHP code

<?php header_remove("X-Powered-By"); ?>
<?php header("X-Powered-By: Magic"); ?>

whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.