Easy removal X-Powered-By HTTP headers

By default the HTTP header 'x-powered-by: PleskLin' is added to HTTP responses.
And with PHP, even the version number is included: 'x-powered-by: PHP/7.3.5'

For security it is better to not give such information, as it may expose you are using outdated software with known vulnerabilities.
Currently it is possible to remove these headers, but it requires some manual actions using SSH (https://support.plesk.com/hc/en-us/articles/115000385274)

My suggestion is to create page to be able to manage such header additions for all websites and services.

76 votes

Marco shared this idea · May 13, 2019 · Report… · Admin →

completed ·

IgorG responded · October 27, 2020

The “X-Powered-By” header can now be removed from pages served by Plesk servers by adding the following lines to the panel.ini file:

[webserver]
xPoweredByHeader = off

https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18031

—
IG

Show previous admin responses (1)

An error occurred while saving the comment

Steve Weldon commented · January 25, 2023 01:46 · Report

Thanks for sharing your amazing views. Its very helpfull for everyone, hope to see more articles like this from : https://helpwithexam.com/

Submitting...
payforonline classes commented · December 24, 2021 09:32 · Report

amazing post looking forward to see more from you- https://www.payforonlineclasses.com/

Submitting...
Anonymous commented · November 13, 2020 21:29 · Report

How about x-powered-by: PHP/xx ???

Submitting...
Michael Koontz commented · November 03, 2020 03:59 · Report

For those saying it's not working, check out this knowledge base article added below.
After adding:

[webserver]
xPoweredByHeader = off

to the panel.ini file you need to:

"Go to Tools & Settings > Diagnose & Repair and click repair for "Web & FTP Servers" to rebuild web server configuration."

https://support.plesk.com/hc/en-us/articles/115000385274-How-to-remove-modify-any-header-for-all-websites-hosted-in-Plesk-for-Linux-

Submitting...
Tobias Buschor commented · October 27, 2020 06:06 · Report

Not working for me.
- updated to Plesk 18.0.31
- changed to xPoweredByHeader = off
- restarted the server
- the header is still there

Submitting...
Aokalter commented · October 27, 2020 05:39 · Report

Are you sure this setting is working?
Just upgraded to 18.0.31 and set-up the panel.ini by adding the line.
Still getting the header information "x-powered-by:"

Submitting...
[Deleted User] commented · September 21, 2020 02:11 · Report

+1 for me as well. Also remove the Server header

Submitting...
Gabriel Tavares commented · July 16, 2020 02:21 · Report

Apache:
## HIDE SERVER SEPCS
ServerSignature Off
Header unset X-Powered-By

Nginx:
# HIDE SERVER SPECS
server_tokens off;

Isn't this what you want?

Submitting...
Alexey Lapshin commented · May 13, 2020 02:00 · Report

Add feature to hide (remove) Easy removal "X-Powered-By-Plesk" header on Plesk for Windows for already created, migrated or existing domains.

Submitting...
eldhose commented · February 23, 2020 03:24 · Report

I would like to hide the X-Powered-By header using GUI in nginx. Currently you can unset in Appache using by adding a single line of code "Header unset X-Powered-By"

Submitting...
Anonymous commented · January 21, 2020 03:27 · Report

yes please

Submitting...
Klaus Kochan commented · November 10, 2019 13:39 · Report

Yeah, I think it's important, too.

Submitting...
Anonymous commented · August 11, 2019 15:06 · Report

Agree

Submitting...
Pat commented · June 05, 2019 02:31 · Report

Would be great! This is important in many ways.

Submitting...