Remove server info and PHP info from response header

Question

How can i prevent server info and php info to be displayed in response header

possible duplicate of [Changing the http header info to hide server info](http://stackoverflow.com/questions/8781878/changing-the-http-header-info-to-hide-server-info) — DonCallisto, Feb 28 '13 at 08:07

score 58 · Accepted Answer · answered Feb 28 '13 at 08:08

58

for server info add the following lines in apache2.conf

ServerTokens ProductOnly

ServerSignature Off

For PHP info

in your php.ini

turn

expose_php = off

answered Feb 28 '13 at 08:08

Engineer

9

The latest syntax on debian & ubuntu servers is: `ServerSignature Off` `ServerTokens Prod` For anyone using those distros. – Kzqai May 25 '14 at 16:43
4

If you are using a recent version of Ubuntu (~12+), these directives have been moved to /etc/apache2/conf.d/security. You must edit that file for your changes to have an effect (says pgschk on AskUbuntu: http://askubuntu.com/a/184366 and verified by me). – Adam Friedman Jan 27 '15 at 16:36
2

More recently, these are in `/etc/apache2/conf-available/security.conf`. – Supernovah Apr 26 '20 at 04:21

1 Answers1