Hide PHP Version(X-Powered-By) in Headers
From Brian Nelson Ramblings
Revision as of 13:53, 18 February 2014 by Brian (Talk | contribs) (Created page with "==Hide PHP Version(X-Powered-By) in Headers== Do you need to hide your x-powered-by header? This can cause you fail your PCI Scan if you have an old our out dated version of...")
Hide PHP Version(X-Powered-By) in Headers
Do you need to hide your x-powered-by header? This can cause you fail your PCI Scan if you have an old our out dated version of php.
You will want to edit your php.ini settings.
vim /etc/php.in
And make sure that expose_php is off
expose_php = Off
Before turning off expose_php
curl -I http://www.briansnelson.com
HTTP/1.1 200 OK Date: Tue, 18 Feb 2014 13:37:37 GMT Server: Apache X-Powered-By: PHP/5.2.17 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache
After turning off expose_php
curl -I http://www.briansnelson.com
HTTP/1.1 200 OK Date: Tue, 18 Feb 2014 13:43:13 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache