Easy removal X-Powered-By HTTP headers
By default the HTTP header 'x-powered-by: PleskLin' is added to HTTP responses.
And with PHP, even the version number is included: 'x-powered-by: PHP/7.3.5'
For security it is better to not give such information, as it may expose you are using outdated software with known vulnerabilities.
Currently it is possible to remove these headers, but it requires some manual actions using SSH (https://support.plesk.com/hc/en-us/articles/115000385274)
My suggestion is to create page to be able to manage such header additions for all websites and services.
The “X-Powered-By” header can now be removed from pages served by Plesk servers by adding the following lines to the panel.ini file:
xPoweredByHeader = off
Steve Weldon commented
Thanks for sharing your amazing views. Its very helpfull for everyone, hope to see more articles like this from : https://helpwithexam.com/
payforonline classes commented
amazing post looking forward to see more from you- https://www.payforonlineclasses.com/
How about x-powered-by: PHP/xx ???
Michael Koontz commented
For those saying it's not working, check out this knowledge base article added below.
xPoweredByHeader = off
to the panel.ini file you need to:
"Go to Tools & Settings > Diagnose & Repair and click repair for "Web & FTP Servers" to rebuild web server configuration."
Tobias Buschor commented
Not working for me.
- updated to Plesk 18.0.31
- changed to xPoweredByHeader = off
- restarted the server
- the header is still there
Are you sure this setting is working?
Just upgraded to 18.0.31 and set-up the panel.ini by adding the line.
Still getting the header information "x-powered-by:"
[Deleted User] commented
+1 for me as well. Also remove the Server header
Gabriel Tavares commented
## HIDE SERVER SEPCS
Header unset X-Powered-By
# HIDE SERVER SPECS
Isn't this what you want?
Alexey Lapshin commented
Add feature to hide (remove) Easy removal "X-Powered-By-Plesk" header on Plesk for Windows for already created, migrated or existing domains.
I would like to hide the X-Powered-By header using GUI in nginx. Currently you can unset in Appache using by adding a single line of code "Header unset X-Powered-By"
Klaus Kochan commented
Yeah, I think it's important, too.
Would be great! This is important in many ways.