2

I'd like to remove the following headers:

Connection: Keep-Alive
Server: Apache/2.2.13 (Win32)
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=66
Improve this question
2
  • 4
    Do you even know what these header fields are used for? Commented Dec 31, 2010 at 12:07
  • 2
    uhmm ..yeah, i think they speak for themselves? Commented Jan 8, 2011 at 14:59

3 Answers 3

Reset to default
5

I don't think this can be done properly in PHP, as these headers are set by Apache.

There is PHP 5.3's header_remove() but that can remove only headers set by PHP (If I understand correctly). You could also overwrite the undesired headers by sending them again with empty values, but the original values will be sent anyway.

The best thing would be to fix this at the root, in Apache's configuration. For example, the ServerTokens directive can change the "Server:" header.

Related: apache_response_headers()

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

What do you mean by "set by PHP"? Do you consider Host, Connection, Content-Type, and X-Powered-By "set by PHP"?
@Pacerier header_remove() can only remove headers set previously by header() within PHP. The first two headers you mention are generally set by Apache. Whether x-powered-by can be removed using header_remove() I don't know, but I would guess no. Content-type can be set by the PHP script and when it is, it can probably be revoked by header_remove().
I seem to be able to remove x-powered-by here. Isn't this set by Apache? Where is the line between Apache and PHP?
@Pacerier it's probably set by PHP
2

You could turn your script into a non-parsed-header CGI. For that you have to rename your example.php script into nph-script.cgi, make it executable (+x) and add the shebang:

#!/usr/bin/php-cgi
<?php

This requires you to send ALL http headers yourself however, including the HTTP/1.0 200 OK status line. (see rfc2616 php.ini config)

Oh, and actually I have no clue if this still works for current Apache versions.

Improve this answer

2 Comments

What's the equivalent of #!/usr/bin/php-cgi on Windows?
@Pacerier There isn't a true equivalent. You'll have strip the shebang, bind the .php file extension to the cgi interpreter, or manuall invoke it.
0

Using PHP (or any other server site language) and sending the header Connection: close. This will cause Apache to omit the Keep-Alive header, since the connection is no longer keepalive. e.g.

header('Connection: close');

Not sure if it works same on all types of servers, suggestions welcome.

Read More here

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.