| Server IP : 68.183.124.220 / Your IP : 216.73.216.141 Web Server : Apache/2.4.18 (Ubuntu) System : Linux Sandbox-A 4.4.0-210-generic #242-Ubuntu SMP Fri Apr 16 09:57:56 UTC 2021 x86_64 User : gavin ( 1000) PHP Version : 7.0.33-0ubuntu0.16.04.16 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/gavin/workspace/happymandarin/node_modules/hide-powered-by/ |
Upload File : |
Hide X-Powered-By
=================
[](https://travis-ci.org/helmetjs/hide-powered-by)
[](http://standardjs.com/)
Simple middleware to remove the `X-Powered-By` HTTP header if it's set.
Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express (or whichever framework you use). For example, `X-Powered-By: Express` is sent in every HTTP request coming from Express, by default. This won't provide much security benefit ([as discussed here](https://github.com/strongloop/express/pull/2813#issuecomment-159270428)), but might help a tiny bit. It will also improve performance by reducing the number of bytes sent.
```javascript
var hidePoweredBy = require('hide-powered-by')
app.use(hidePoweredBy())
```
You can also explicitly set the header to something else, if you want. This could throw people off:
```javascript
app.use(hidePoweredBy({ setTo: 'PHP 4.2.0' }))
```
Note: if you're using Express, you don't need this middleware and can just do this:
```javascript
app.disable('x-powered-by')
```