Easy removal X-Powered-By HTTP headers
By default the HTTP header 'x-powered-by: PleskLin' is added to HTTP responses.
And with PHP, even the version number is included: 'x-powered-by: PHP/7.3.5'
For security it is better to not give such information, as it may expose you are using outdated software with known vulnerabilities.
Currently it is possible to remove these headers, but it requires some manual actions using SSH (https://support.plesk.com/hc/en-us/articles/115000385274)
My suggestion is to create page to be able to manage such header additions for all websites and services.
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
[Deleted User] commented
+1 for me as well. Also remove the Server header
Fabio Perri commented
+1 for me.
Please add this feature to Plesk.
Thanks in advance for the support.
Gabriel Tavares commented
## HIDE SERVER SEPCS
Header unset X-Powered-By
# HIDE SERVER SPECS
Isn't this what you want?
Alexey Lapshin commented
Add feature to hide (remove) Easy removal "X-Powered-By-Plesk" header on Plesk for Windows for already created, migrated or existing domains.
I would like to hide the X-Powered-By header using GUI in nginx. Currently you can unset in Appache using by adding a single line of code "Header unset X-Powered-By"
Klaus Kochan commented
Yeah, I think it's important, too.
Hakan Fragapane commented
Yeah this is nice! I have written an application that scans the webserver you've given for excatly that. Here you can download it: https://www.prodigy-official.de/#tools
Would be great! This is important in many ways.