How To Remove Unwanted HTTP Response Headers

To reduce the security risk and the performance cost, remove unneeded HTTP headers from the server response. The following examples cover several popular web servers and scripting languages.

  • PHP
  • Apache
  • Nginx
  • IIS
  • Node.js
  • Express.js

PHP

To remove previously set headers in PHP, use the header_remove() function. This function is available since PHP 5.3.0.

header_remove("X-Powered-By"); 

APACHE

To remove a response header in Apache, use the Header directive with the unset argument. The Header directive can be used in the server config (e.g. httpd.conf), a virtual host, or a site-specific .htaccess file.

Header unset X-Powered-By

NGINX

To remove an HTTP response header in Nginx, use one of the following directives: proxy_set_header, proxy_hide_header, more_clear_headers.

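# proxy_set_header changes headers on the request passed to the proxied
# server; an empty value stops the header from being passed
proxy_set_header X-Powered-By "";
# or: hide a header received from the proxied server
proxy_hide_header X-Powered-By;
# or: clear a response header (needs the headers-more module)
more_clear_headers Server;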

MICROSOFT IIS

To remove unwanted response headers in Microsoft IIS 7.0 to 8.5 use the Dionach StripHeaders native-code module. The default configuration is shown below:

<configuration>
  <system.webServer>
    <stripHeaders>
      <header name="Server" />
      <header name="X-Powered-By" />
      <header name="X-Aspnet-Version" />
    </stripHeaders>
  </system.webServer>
</configuration>

 

NODE.JS

To remove a response header in Node.js, use the removeHeader() function. This function was added in v0.4.0.

response.removeHeader('Content-Encoding');

EXPRESS.JS

To remove previously set headers in Express.js, use the removeHeader() function.

app.use(function (req, res, next) {
  // Set a header, then remove it again before the response is sent
  res.header('Pragma', 'no-cache');
  res.removeHeader('Pragma');
  // Pass control to the next middleware
  next();
});

CONCLUSION

Removing an HTTP response header can help in a few ways: it lowers the security risk of exposing sensitive information, and it speeds up your app or page loading time, which is also a positive signal for Google.
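
To confirm that the removal took effect, the response head can be audited for the headers named above. The following is an added example, not code from the original article: the function names and both sample responses are constructed for illustration, and the list of header names is taken from the IIS configuration shown earlier.

```javascript
// Added example (not from the original article). Header names are the ones
// the article removes; the two captured responses below are constructed.
const DISCLOSURE_HEADERS = ['server', 'x-powered-by', 'x-aspnet-version'];

// Parse the head of a raw HTTP response (status line + header lines).
// Names are case-insensitive and a name may appear more than once.
function parseResponseHead(raw) {
  const lines = raw.split(/\r?\n/);
  const status = lines.shift() || '';
  const headers = new Map();
  for (const line of lines) {
    if (line === '') break;                  // blank line ends the head
    const idx = line.indexOf(':');
    if (idx <= 0) continue;                  // skip malformed lines
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(idx + 1).trim());
  }
  return { status, headers };
}

// List every disclosure header still present, and flag values that carry
// a version number such as "Apache/2.4.41" or "PHP/7.4.3".
function auditDisclosure(raw, names = DISCLOSURE_HEADERS) {
  const { headers } = parseResponseHead(raw);
  const findings = [];
  for (const name of names) {
    for (const value of headers.get(name.toLowerCase()) || []) {
      findings.push({ name: name.toLowerCase(), value, hasVersion: /\d+\.\d+/.test(value) });
    }
  }
  return findings;
}

// Constructed sample, as `curl -sI` might print it before the change.
const BEFORE = [
  'HTTP/1.1 200 OK',
  'Server: Apache/2.4.41 (Ubuntu)',
  'X-Powered-By: PHP/7.4.3',
  'Content-Type: text/html; charset=UTF-8',
  '', ''].join('\r\n');

// Constructed sample after `Header unset X-Powered-By` (Server remains).
const AFTER = BEFORE.replace('X-Powered-By: PHP/7.4.3\r\n', '');

for (const f of auditDisclosure(AFTER)) {
  console.log(`${f.name}: ${f.value}${f.hasVersion ? ' (version exposed)' : ''}`);
}
```

An empty result from auditDisclosure() means none of the listed headers remain in the response.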

 

Source: zinoui / Tjd Studio

- Last updated 4 years ago
