In some scenarios, you may need to unset or remove HTTP headers in order to have remove systems correctly parse information or complete security checklists.

This article will step you through the process of removing these headers from your website.


Removing the headers for your technology does not increase your security. Nearly every Content Management System (CMS) or technology stack can be easily identified based on a number of factors other than HTTP headers.


  1. Login to your Plesk instance.
  2. Select the website you wish to modify the HTTP headers from.
  3. Go to apache and nginx settings:
    how to remove http headers
  4. At the bottom, go to Additional directives for HTTP and add the header you wish to unset.

    Header unset X-Powered-By;

    This should look similar to:

    how to remove http headers

Click OK to save the settings and test that the header is now unset.


Not all headers can be unset. If you require changes beyond extra headers added by frameworks and CMS’s, you may require a Virtual Private Server where it can be customised further.

Was this article helpful?

Related Articles