Easy removal X-Powered-By HTTP headers
By default the HTTP header 'x-powered-by: PleskLin' is added to HTTP responses.
And with PHP, even the version number is included: 'x-powered-by: PHP/7.3.5'
For security it is better to not give such information, as it may expose you are using outdated software with known vulnerabilities.
Currently it is possible to remove these headers, but it requires some manual actions using SSH (https://support.plesk.com/hc/en-us/articles/115000385274)
My suggestion is to create page to be able to manage such header additions for all websites and services.
Marco
shared this idea
The “X-Powered-By” header can now be removed from pages served by Plesk servers by adding the following lines to the panel.ini file:
[webserver]
xPoweredByHeader = off
https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18031
—
IG
-
Henry David commented
I really liked your post, and I would like to tell you also my favourite writers that are https://www.biographywriter.co.uk/ has skilled writers who can help you write your life story. Our professional writers are experts at making interesting bios that are tailored to your exact needs.
-
adeline aisling commented
UK Proofreaders' services is their precision in proofreading and editing. Their team of seasoned editors meticulously scrutinizes every word, ensuring impeccable grammar, punctuation, spelling, and syntax. visit here: https://www.ukproofreaders.co.uk
-
david costa commented
That is really impressive you both covered all the necessary step I need by the way I'm a professional Ghost writer from NZ currently working in this industry: https://www.bookpublishers.co.nz/ghostwriting
-
Sefer
commented
Official Plesk article does not work. So, I solved it by following the solution;
I was using Cloudflare and was able to change headers through Cloudflare GUI.
https://developers.cloudflare.com/rules/transform/response-header-modification/ -
Steve Weldon commented
Thanks for sharing your amazing views. Its very helpfull for everyone, hope to see more articles like this from : https://helpwithexam.com/
-
payforonline classes
commented
amazing post looking forward to see more from you- https://www.payforonlineclasses.com/
-
Anonymous
commented
How about x-powered-by: PHP/xx ???
-
Michael Koontz commented
For those saying it's not working, check out this knowledge base article added below.
After adding:[webserver]
xPoweredByHeader = offto the panel.ini file you need to:
"Go to Tools & Settings > Diagnose & Repair and click repair for "Web & FTP Servers" to rebuild web server configuration."
-
Tobias Buschor
commented
Not working for me.
- updated to Plesk 18.0.31
- changed to xPoweredByHeader = off
- restarted the server
- the header is still there -
Aokalter
commented
Are you sure this setting is working?
Just upgraded to 18.0.31 and set-up the panel.ini by adding the line.
Still getting the header information "x-powered-by:" -
[Deleted User]
commented
+1 for me as well. Also remove the Server header
-
Gabriel Tavares
commented
Apache:
## HIDE SERVER SEPCS
ServerSignature Off
Header unset X-Powered-ByNginx:
# HIDE SERVER SPECS
server_tokens off;Isn't this what you want?
-
Alexey Lapshin
commented
Add feature to hide (remove) Easy removal "X-Powered-By-Plesk" header on Plesk for Windows for already created, migrated or existing domains.
-
eldhose
commented
I would like to hide the X-Powered-By header using GUI in nginx. Currently you can unset in Appache using by adding a single line of code "Header unset X-Powered-By"
-
Anonymous
commented
yes please
-
Klaus Kochan
commented
Yeah, I think it's important, too.
-
Anonymous
commented
Agree
-
Pat
commented
Would be great! This is important in many ways.