How to Remove x-powered-by in Apache/PHP

Sometimes you may need to hide x-powered-by in Apache/PHP server to protect your web server’s identity and prevent malicious attackers from exploiting its security vulnerabilities. In this article, we will look at how to remove x-powered-by in Apache/PHP.

How to Remove x-powered-by in Apache/PHP

There are multiple ways to remove x-powered-by in Apache/PHP. We will look at each of them one by one.

Using php.ini

If you have access to php.ini file (PHP configuration) file, typically found at /etc/php.ini or /etc/php5/apache2/php.ini depending on your Linux distribution, then open terminal and run the following command to view php.ini in a text editor.

$ sudo vi /etc/php.ini

Find the following line.

expose_php = on

Change it to the following, to hide x-powered-by header

expose_php = off

Save and close the file.

Restart Apache server to apply changes.

$ sudo service apache2 restart

Using PHP code
If you don’t have access to php.ini, just add the following to your PHP response, to remove or overwrite the x-powered-by header before sending it to the client.
The following function will remove x-powered-by header
<?php header_remove("X-Powered-By"); ?>
The following function will replace the x-powered-by header value ‘ABC’. You can change it as per your requirement.
<?php header("X-Powered-By: ABC"); ?>
As you can see it is easy to remove x-powered-by header in Apache/PHP.