HTTP header fields are components of the header section of request and response messages in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.
A header field consists of a name and a value. Response headers are particularly important, as they provide details about the data being sent as well as specific information about the server and the deployed software. There are two types of response headers: common standard and common non-standard fields.
X-Powered-By is a common non-standard field which specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application (version details are often in X-Runtime, X-Version, or X-AspNet-Version).
This is generally a very important piece of information that hackers try to obtain, as it will reveal potential flaws, bugs and ways into the system. On WordPress this header field is overwritten by many plugins, such as W3 Cache and WP Rocket, with their own plugin name. This is still potentially dangerous, as it reveals that the WordPress framework is installed and the particular plugin version.
Pingback is one of four types of linkback methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to, their articles. Pingback-enabled resources must either use an X-Pingback header or contain a <link> element pointing to the XML-RPC script.
The WP-Hide plugin supports replacing the above header fields, using a clean method through .htaccess Apache rules.
Remove Custom Header
This functionality is available in the PRO version.
This option provides the possibility to remove individual headers from the Response Headers list. Each should be added on an individual line.
Remove Server Signature
This functionality is available in the PRO version.
By default, a server sends a Server header that exposes details of the system configuration in use. This functionality prevents those details from being shown.
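To confirm which of the headers discussed above a site still sends, the following added example (not part of the WP-Hide plugin or its documentation) parses a raw response head and reports X-Powered-By, X-Runtime, X-Version, X-AspNet-Version, X-Pingback and Server, together with any version strings found in their values. The function names and both sample responses are constructed for illustration.

```python
import re

# Header names the page identifies as disclosing the stack (compared lower-case).
DISCLOSING = {"x-powered-by", "x-runtime", "x-version", "x-aspnet-version",
              "x-pingback", "server"}
# A dotted version such as 7.4.3 or 2.4 anywhere in the value.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw):
    """Return (name, value) pairs from a raw response head, status line skipped."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    pairs = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and pairs:      # obsolete folded continuation
            name, value = pairs[-1]
            pairs[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """List findings for every disclosing header, with any version strings found."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() in DISCLOSING:
            findings.append({"header": name, "value": value,
                             "versions": VERSION_RE.findall(value)})
    return findings

# Constructed sample responses (not captured from a real site).
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.4.41 (Ubuntu)\r\n"
          "X-Powered-By: PHP/7.4.3\r\n"
          "X-Pingback: https://example.test/xmlrpc.php\r\n"
          "Content-Type: text/html; charset=UTF-8\r\n\r\n<html>")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: text/html; charset=UTF-8\r\n\r\n<html>")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

An empty result from audit() for a response means none of the listed headers is present; a non-empty "versions" list marks the values that expose an exact release.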