The "X-Powered-By" HTTP Header and Mod_Rails
If you’re like me and don’t like flaunting your server’s version numbers to would-be hackers, you’ll want to surpress the “X-Powered-By” and maybe also the “X-Runtime” http response headers which Mod_Rails (aka Passenger) creates. This can be done by simply enabling the Apache headers module and adding the following to your Apache config or vhost file:
Header always unset "X-Powered-By"
Header always unset "X-Runtime"I don’t know why Phusion hasn’t made it a config option to be able to suppress those headers without the need for enabling the headers module, but hopefully they will soon.
Leave a comment..
Hello there!
My name is Damien Timewell. I'm a web lover, ruby hacker and general technophile from Congleton, Cheshire.
