Removing response headers with Apache

Some applications set extraneous response headers that have little to no value to the client. In some cases a header may even pose a security risk by exposing environment or version information. In the case of PHP, we can unset the X-Powered-By header by adjusting the expose_php flag.

Apache's Header directive can remove a header from the response before it is sent to the client. We will need the mod_headers module enabled to use this directive:

sudo a2enmod headers
sudo service apache2 restart

Then add the directive in the relevant configuration context (.htaccess, VirtualHost, Directory):

# Apache/2.2
<VirtualHost *:80>
    ServerName example.com
    Header unset X-Powered-By
</VirtualHost>

We can unset multiple headers on a single line if necessary. More information about configuring response headers is available in the Apache documentation.
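
To confirm the directive took effect, the following added example (not part of the original article) filters a raw response header block for header names that should have been unset. The function name remaining_headers and the sample responses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# remaining_headers NAME...  reads raw HTTP response headers on stdin and
# prints every header whose name matches one of NAME, as "name: value".
# Empty output means the named headers were removed.
remaining_headers() {
    # Header names are case-insensitive: normalise the wanted list to lowercase.
    wanted=$(printf '%s,' "$@" | tr '[:upper:]' '[:lower:]')
    # HTTP uses CRLF line endings; drop the CR before parsing.
    tr -d '\r' | awk -v wanted="$wanted" '
        BEGIN {
            n = split(wanted, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] != "") want[names[i]] = 1
        }
        {
            pos = index($0, ":")          # split on the first colon only
            if (pos == 0) next            # status line or blank line
            name = tolower(substr($0, 1, pos - 1))
            value = substr($0, pos + 1)
            sub(/^[ \t]+/, "", value)
            if (name in want) print name ": " value
        }'
}

# Constructed sample responses (not captured from a real server).
BEFORE=$(printf '%s\r\n' 'HTTP/1.1 200 OK' 'Content-Type: text/html' 'x-powered-by: PHP/5.3.10')
AFTER=$(printf '%s\r\n' 'HTTP/1.1 200 OK' 'Content-Type: text/html')

printf '%s\n' "$BEFORE" | remaining_headers X-Powered-By   # x-powered-by: PHP/5.3.10
printf '%s\n' "$AFTER"  | remaining_headers X-Powered-By   # no output

# Against a live site (assumes curl is installed):
#   curl -sI http://example.com/ | remaining_headers X-Powered-By
```

It is worth running the check against an error page as well as a normal one: mod_headers applies Header unset to the onsuccess table by default, and headers held in the always table need Header always unset.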