The HTTP X-Powered-By request header is an optional and unofficial HTTP header, used to indicate the technology stack used on the server-side.


The HTTP X-Powered-By request header is often by default included by popular server and/or scripting software to indicate the name and version number used when generating the HTTP response.

When present, the values of this HTTP header can easily be manipulated or be incomplete, and therefore can not be trusted. However often the HTTP X-Powered-By header is disabled to avoid malicious third parties from exploiting potential vulnerabilities of the server software used.


The "X-" naming convention for HTTP headers, "X" referring to "experimental", has been deprecated and need to be transitioned to formal naming convention for HTTP headers.



X-Powered-By: Nginx


The HTTP X-Powered-By request header is an unofficial HTTP header and can be used by servers to send their name and version of software used to serve the HTTP request.

See also

Last updated: June 20, 2022