Hide PHP Version(X-Powered-By) in Headers

From Brian Nelson Ramblings
Jump to: navigation, search

Hide PHP Version(X-Powered-By) in Headers

Do you need to hide your x-powered-by header? This can cause you fail your PCI Scan if you have an old our out dated version of php.

You will want to edit your php.ini settings. 

vim /etc/php.in

And make sure that expose_php is off 

expose_php = Off

Before turning off expose_php 

curl -I http://www.briansnelson.com

HTTP/1.1 200 OK
Date: Tue, 18 Feb 2014 13:37:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

After turning off expose_php 

curl -I http://www.briansnelson.com

HTTP/1.1 200 OK
Date: Tue, 18 Feb 2014 13:43:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Retrieved from "https://briansnelson.com/index.php?title=Hide_PHP_Version(X-Powered-By)_in_Headers&oldid=514"