serversideup / docker-php

🐳 Production-ready Docker images for PHP. Optimized for Laravel, WordPress, and more!
https://serversideup.net/open-source/docker-php/
GNU General Public License v3.0
1.75k stars 121 forks

Disable `X-Powered-By` Header by Default #422

Closed jaydrogers closed 1 month ago

jaydrogers commented 1 month ago

Discussed in https://github.com/serversideup/docker-php/discussions/417

Originally posted by **Maarten-Dekker** August 30, 2024

I would like to propose disabling the `X-Powered-By` header by default. This header, which reveals the PHP version, is currently included in HTTP responses.

Sending these types of HTTP headers:

- does not provide any value to the user experience
- contributes to header bloat
- exposes information to potential attackers about the technology stack being used

See [https://webhint.io/docs/user-guide/hints/hint-no-disallowed-headers/?source=devtools](https://webhint.io/docs/user-guide/hints/hint-no-disallowed-headers/?source=devtools).

# Proposed Solution

Set `expose_php = On` to `expose_php = Off` by default in `php.ini`.
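One way to verify the proposed default, as an added example that is not part of the original issue or the project's own code: the script resolves the effective `expose_php` value from php.ini-style text and checks response headers for `X-Powered-By`. The function names and the sample ini and header text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check for PHP version disclosure via expose_php / X-Powered-By.

# Print the effective expose_php value ("On" or "Off") for php.ini-style text
# on stdin. Feed the files in load order: a later assignment wins, and PHP
# defaults to On when the directive is never set.
# Simplification: only on/1/true/yes (any case) count as enabled.
effective_expose_php() {
  awk '
    BEGIN { val = "on" }
    /^[ \t]*;/ { next }                  # whole-line comment
    {
      line = $0
      sub(/;.*$/, "", line)              # strip trailing comment
      n = index(line, "=")
      if (n == 0) next                   # section header or blank line
      key = substr(line, 1, n - 1)
      v = substr(line, n + 1)
      gsub(/[ \t]/, "", key)
      gsub(/[ \t\r"]/, "", v)
      if (key == "expose_php") val = tolower(v)
    }
    END {
      if (val == "on" || val == "1" || val == "true" || val == "yes") print "On"
      else print "Off"
    }'
}

# Succeed (exit 0) if raw response headers on stdin contain X-Powered-By.
# Header names are case-insensitive, so match without regard to case.
has_x_powered_by() {
  grep -qi '^x-powered-by:'
}

# Constructed sample input, not taken from the project.
SAMPLE_INI='[PHP]
expose_php = On
; drop-in loaded later
expose_php = Off'
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/8.3.0'

echo "effective expose_php: $(printf '%s\n' "$SAMPLE_INI" | effective_expose_php)"
if printf '%s\n' "$SAMPLE_HEADERS" | has_x_powered_by; then
  echo "response discloses X-Powered-By"
fi
```

Against a running container, the headers from `curl -sI` on the container's address can be piped into `has_x_powered_by` the same way.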