Remediation Steps

Follow the steps below to remediate this finding on an Nginx web server.

  1. PHP-FPM adds X-Powered-By by default. Disable it in php.ini:

    expose_php = Off
  2. Restart PHP-FPM:

    sudo systemctl restart php8.x-fpm
  3. Alternatively, strip the header in Nginx:

    fastcgi_hide_header X-Powered-By;
    proxy_hide_header X-Powered-By;
  4. Reload Nginx:

    sudo systemctl reload nginx
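
To confirm the change took effect, the check below scans response headers for X-Powered-By. It is an added example, not part of the original page; the function names and the sample responses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify that X-Powered-By is no longer sent.
# Function names and sample responses are constructed, not from the page.

# Read raw HTTP response headers on stdin and print every X-Powered-By value.
# Header names are case-insensitive (HTTP/2 shows them in lowercase) and
# lines end in CRLF, so both are normalised before matching.
# Exit status: 0 = header still exposed, 1 = header absent.
find_powered_by() {
    tr -d '\r' | awk -F: '
        tolower($1) == "x-powered-by" {
            value = substr($0, index($0, ":") + 1)
            sub(/^[ \t]+/, "", value)
            print value
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Fetch the headers of one URL and report the result.
# A failed request is reported as an error, never as a pass.
check_url() {
    headers=$(curl -sS -o /dev/null -D - "$1") || {
        echo "ERROR $1: request failed"
        return 2
    }
    if leaked=$(printf '%s\n' "$headers" | find_powered_by); then
        echo "FAIL  $1 still sends X-Powered-By: $leaked"
        return 1
    fi
    echo "OK    $1 does not send X-Powered-By"
}

# Constructed sample responses: before and after the remediation.
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html; charset=UTF-8\r\nX-Powered-By: PHP/8.x\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n'
}

# Usage: ./check_powered_by.sh URL [URL ...]
for url in "$@"; do
    check_url "$url"
done
```

Check a URL that is actually served by PHP or by the proxied application, since a static file never carried the header in the first place.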