Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How about remove X-Powered-By #54

Closed
alexander-akait opened this issue Jan 15, 2015 · 9 comments
Closed

How about remove X-Powered-By #54

alexander-akait opened this issue Jan 15, 2015 · 9 comments

Comments

@alexander-akait
Copy link 

<IfModule mod_headers.c>
     Header unset X-Powered-By
</IfModule>
@mathiasbynens
Copy link
Member

FTR, it’s better to do this through php.ini, by setting expose_php = off. Or do other server-side languages than PHP add this header?

@alexander-akait
Copy link
Author

@mathiasbynens Many project on php add this header in php script, also many hosting company not give set expose_php = off.

@mathiasbynens
Copy link
Member

@sheo13666 Don’t get me wrong, I agree we could add this to the settings. I’m just saying we should also add a comment explaining the better alternatives.

@arthurvr
Copy link
Member

Don’t get me wrong, I agree we could add this to the settings. I’m just saying we should also add a comment explaining the better alternatives.

👍 @sheo13666 Would you like to open a PR?

@alexander-akait
Copy link
Author

@arthurvr yes, some later

@arthurvr arthurvr mentioned this issue Jan 24, 2015
Closed
@alrra
Copy link
Member

alrra commented Feb 26, 2015

Or do other server-side languages than PHP add this header?

@mathiasbynens PHP isn't even the most "popular".

Using the data provided by the HTTP archive (from the 01.02.2015 run), the top 20 is:

Number of Requests Value of the X-Powered-By Header
1 3858515 ASP.NET
2 722266 PleskLin
3 120204 W3 Total Cache/0.9.4.1
4 93821 PHP/5.3.3
5 88617 PHP/5.2.17
6 85279 WAF/2.0
7 79098 PHP/5.3.29
8 55817 W3 Total Cache/0.9.4
9 45309 PHP/5.3.28
10 40714 Express
11 36329 Undertow/1
12 33041 Servlet/2.5 JSP/2.1
13 29594 PHP/5.4.36
14 27502 PHP/5.4.35
15 25852 UrlRewriter.NET 2.0.0 ASP.NET
16 25131 PHP/5.5.9-1ubuntu4.5
17 23518 ASP.NET ARR/2.5 ASP.NET
18 22910 ASP.NET ASP.NET
19 22361 PHP/5.3.10-1ubuntu3.15
20 21190 PHP/5.4.36-0+deb7u3

Query used:

SELECT count(*) AS number_of_requests, resp_x_powered_by AS x_powered_by_header_value
FROM [httparchive:runs.2015_02_01_requests]
WHERE resp_x_powered_by != ""
GROUP BY x_powered_by_header_value
ORDER BY number_of_requests DESC

Other notes:

  • Total number of requests made by the HTTP Archive (from the 01.02.2015 run): 46098453

    Query used:

    SELECT count(*) AS number_of_requests
FROM [httparchive:runs.2015_02_01_requests]

  • Total number of requests made by the HTTP Archive (from the 01.02.2015 run) that have the X-Powered-By header: 6533969

    Query used:

    SELECT count(*) AS number_of_requests
FROM [httparchive:runs.2015_02_01_requests]
WHERE resp_x_powered_by !=""

@PrplHaz4
Copy link

@alrra eh, PHP/* is the worst offender in your list with 411433

@alrra
Copy link
Member

alrra commented Feb 26, 2015

eh, PHP/* is the worst offender in your list with 411433

@PrplHaz4 ?

@alrra
Copy link
Member

alrra commented Feb 27, 2015

Notes:

  • ASP.NET usually coupled with IIS
  • ASP.NET also sets two additional headers (X-AspNet-Version, X-AspNetMvc-Version), but for the sake of not going too far into framework specific headers, we'll be sticking with just removing the X-Powered-By header

@alrra alrra closed this as completed in b0d89e3 Feb 27, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mathiasbynens @PrplHaz4 @alrra @alexander-akait @arthurvr