loading
Office 01
JL. RAYA SAWANGA, MAMPANG
Pancoran Mas, Depok
+628111026606
Mon - Fri 9:00am - 5:00 pm
[email protected]
24 X 7 online support

How To Remove Unwanted HTTP Response Headers

How To Remove Unwanted HTTP Response Headers
How To Remove Unwanted HTTP Response Headers
How To Remove Unwanted HTTP Response Headers

HEADER

To overcome the security risk and the performance issue you must remove useless HTTP headers from the server response. The next examples cover various popular web servers and scripting languages.

  • PHP
  • Apache
  • Nginx
  • IIS
  • Node.js
  • Express.js

PHP

To remove previously set headers in PHP use the header_remove() function. This function is available since PHP 5.3.0

header_remove("X-Powered-By"); 

APACHE

To remove a response header in Apache use the Header directive along the unset argument. The Header directive could be used in server config (e.g. httpd.conf), virtual host, or site specific .htaccess.

Header unset X-Powered-By
Apache

NGINX

To remove an HTTP response header in Nginx use one of next directives: proxy_set_headerproxy_hide_headermore_clear_headers.

proxy_set_header X-Powered-By "";
# or
proxy_hide_header X-Powered-By;
# or
more_clear_headers Server;
nginx

MICROSOFT IIS

To remove unwanted response headers in Microsoft IIS 7.0 to 8.5 use the Dionach StripHeaders native-code module. The default configuration is shown below:

<configuration>
  <system.webServer>
    <stripHeaders>
      <header name="Server" />
      <header name="X-Powered-By" />
      <header name="X-Aspnet-Version" />
    </stripHeaders>
  </system.webServer>
</configuration>

 

NODE.JS

To remove a response header in Node.js use the removeHeader() function. This function was added in v0.4.0

response.removeHeader('Content-Encoding');
JavaScript

EXPRESS.JS

To remove previously set headers in Express.js use the removeHeader() function.

app.use(function (req, res, next) {
  res.header('Pragma', 'no-cache');
  res.removeHeader('Pragma');
  next();
});
JavaScript

CONCLUSION

Removing an HTTP response header could possible help in few directions: to lower down the security risk of exposing sensitive information, and to speed-up your app/page loading time and besides this that is a positive signal for Google.

 

Source: zinoui / Tjd Studio

Be the first to leave a comment.

Post a Comment

back to top