By default, Apache HTTP server (“httpd”) will add information to the Web server header about the Apache version, OS-type, and modules (e.g. mod_ssl, mod_php, mod_bwlimited, etc. ). PHP will also include its version to the Web server header (X-Powered-By). This tutorial shows you how to hide Apache & PHP version from the HTTP headers.
Below is an example (via LiveHTTPHeaders):
HTTP/1.1 200 OK Date: Sat, 16 Oct 2010 07:56:17 GMT Server: Apache/2.2.16 (Win32) PHP/5.3.3 X-Powered-By: PHP/5.3.3 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html
To hide it, you have to modify the Apache and PHP configuration file.
Hide Apache “Server” information
Open httpd.conf file using text editor and add /modify the directive as follows:
ServerSignature Off ServerTokens Prod
Hide PHP “X-Powered-By” information
Open php.ini file using text editor and modify the line containing “expose_php = On” and set it to Off:
expose_php = Off
After making changes, you need to restart your Apache Web server.