How to remove PHP version from the X-Powered-By HTTP header on Plesk server?

Log in to Plesk.

Navigate to Domains > example.com > PHP Settings.

Put the following line to the Additional configuration directives section:

expose_php = off

Verify that the header is not shown anymore:

# curl -sIL example.com/index.php | grep -c PHP

Connect to the Plesk server via SSH.

Note: If direct SSH access to the server is not possible, contact server administrator for further assistance.

Check if php.ini file for the handler contains the expose_php directive:

# cat /opt/plesk/php/X.X/etc/php.ini | grep expose_php
expose_php = On

• where X.X - a PHP version, e.g. 5.6, 7.0, 7.1, etc

If the directive is present (the output of the command from step 2 is the same), change expose_php = On to expose_php = Off.
If not, create a new .ini configuration file in the appropriate PHP directory:

# echo 'expose_php = off' > /opt/plesk/php/X.X/etc/php.d/hideheader.ini

• where X.X - a PHP version, e.g. 5.6, 7.0, 7.1, etc

Reload the Plesk PHP service configuration:

# service plesk-phpXX-fpm reload

• where phpXX - a PHP version, e.g. php56, php70, php71, etc.

• If the domains are using PHP FastCGI it is necessary to restart Apache webserver:

  # systemctl restart httpd

  # systemctl restart apache2

Verify that the header is not shown anymore:

# curl -sIL example.com/index.php | grep -c PHP

Connect to the Plesk server via SSH.

Note: If direct SSH access to the server is not possible, contact server administrator for further assistance.

In /etc/psa-webmail/horde/horde/php.ini or /etc/psa-webmail/roundcube/php.ini set expose_php parameter as below:

expose_php = Off

Restart Apache:

# service httpd restart

Verify that the header is not shown anymore:

# curl -sIL webmail.example.com/index.php | grep PHP