php - Removing X-Powered-By

Question

1. How can I remove X-Powered-By header in PHP? I am on an Apache Server and I use php 5.21. I can't use the header_remove function in php as it's not supported by 5.21. I used Header unset X-Powered-By, it worked on my local machine, but not on my production server.

2. If php doesn't support header_remove() for ver < 5.3, is there an alternative?

Answer 1

I think that is controlled by the expose_php setting in PHP.ini:

expose_php = off

Decides whether PHP may expose the fact that it is installed on the server (e.g. by adding its signature to the Web server header). It is no security threat in any way, but it makes it possible to determine whether you use PHP on your server or not.

There is no direct security risk, but as David C notes, exposing an outdated (and possibly vulnerable) version of PHP may be an invitation for people to try and attack it.