-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't remove X-Powered-By header #20344
Comments
why not remove by apache/nginx config? it's better to do it...
|
Hi, because I cannot apply any logic to it, and feel uncomfy setting it in such off-code place - if I can at all. I can imagine this issue is very minor and not harmful (but don't have to be).
|
set it by .htaccess. |
Instead of removing the header afterwards, you should disable it being set at all: http://php.net/manual/en/ini.core.php#ini.expose-php |
Making this method call the And if you don't have access to your change your php.ini (and your ops team does not accept to use a more secure config), you can call |
Thanks. Perhaps one would expect such great explanation in API documentation. |
Call
$response->headers->remove('X-Powered-By')
doesn't remove this header. Must fallback to header_remove('x-powered-by').The text was updated successfully, but these errors were encountered: