How to hide PHP version in the HTTP Header

The x-powered-by option is included within the HTTP response header by default, which reveals exactly which version of PHP your site uses. So that not everyone else knows that we are using PHP or maybe an older version of PHP, we can hide this information from the answer header. As far as security is concerned, this is a very good thing because we do not want to show our vulnerable information in the response header.

How to check if the PHP version is displayed in the header? On Google Chrome right-click anywhere on the website and click “Inspect Element”, then navigate to Networks tab and under the list of loaded resources for the page click on the “Header”:

image 28 1024x396 - How to hide PHP version in the HTTP Header

How to hide PHP version in the HTTP Header?

Method 1. Edit the php.ini file

Set expose_php = Off and restart PHP service afterwards.

wxpose_php = Off in
wxpose_php = Off in

Method 2. Edit .htaccess file

Header always unset X-Powered-By
Header unset X-Powered-By
Header unset X-Powered-By in .htaccess
Header unset X-Powered-By in .htaccess

Method 3. Within the PHP code

<?php header_remove("X-Powered-By"); ?>
<?php header("X-Powered-By: Magic"); ?>

Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.