php ini expose_php

Each scrap of information that a potential attacker can gather about a Web server increases the chances that he will successfully compromise it. One simple way to obtain key information about server characteristics is via the server signature.

For example, Apache will broadcast the following information within each response header by default:

Apache/2.2.0 (Unix) PHP/6.0.0 PHP/6.0.0-dev Server at Port 80

Disabling expose_php prevents the Web server signature (if enabled) from broadcasting the fact that PHP is installed. Although you need to take other steps to ensure sufficient server protection, obscuring server properties such as this one is nonetheless heartily recommended.

expose_php = On

Note : You can disable Apache's broadcast of its server signature by setting ServerSignature to Off in the httpd.conf file.