Current Location: Home> Latest Articles> How to Effectively Remove Specific Fields from HTTP Response Headers Using the header_remove Function?

How to Effectively Remove Specific Fields from HTTP Response Headers Using the header_remove Function?

gitbox 2025-07-02

How to effectively remove specific fields from HTTP response headers using the header_remove() function?

In PHP, the header_remove() function is a very useful tool that helps developers delete specific header fields before sending HTTP response headers. This is especially convenient when handling web requests that require customizing HTTP response headers, adjusting, or removing certain header fields.

What is the header_remove() function?

The header_remove() function removes a specific field from the already set HTTP response headers. When called without any parameters, it removes all header fields; if a field name is passed, it only removes the corresponding field.

Syntax:

<span><span><span class="hljs-title function_ invoke__">header_remove</span></span><span>(</span><span><span class="hljs-keyword">string</span></span><span> </span><span><span class="hljs-variable">$name</span></span><span> = </span><span><span class="hljs-literal">null</span></span><span>): </span><span><span class="hljs-keyword">void</span></span><span>
</span></span>

  • $name: An optional parameter specifying the name of the HTTP header field to remove. If this parameter is not provided, all HTTP header fields will be removed.

How to use the header_remove() function?

Example 1: Remove all HTTP response headers

<span><span><span class="hljs-meta">&lt;?php</span></span><span>
</span><span><span class="hljs-comment">// Set some HTTP response headers</span></span><span>
</span><span><span class="hljs-title function_ invoke__">header</span></span><span>(</span><span><span class="hljs-string">"X-Powered-By: PHP/7.4"</span></span><span>);
</span><span><span class="hljs-title function_ invoke__">header</span></span><span>(</span><span><span class="hljs-string">"Content-Type: text/html; charset=UTF-8"</span></span><span>);
</span><span><span class="hljs-title function_ invoke__">header</span></span><span>(</span><span><span class="hljs-string">"Cache-Control: no-cache"</span></span><span>);
<p></span>// Remove all HTTP response headers<br>
header_remove();</p>
<p>// Output response content<br>
echo "All HTTP header fields have been removed.";<br>
?><br>
</span>

In the example above, the header_remove() function is called without any parameters, which removes all previously set HTTP response headers.

Example 2: Remove a specific HTTP response header

<span><span><span class="hljs-meta">&lt;?php</span></span><span>
</span><span><span class="hljs-comment">// Set some HTTP response headers</span></span><span>
</span><span><span class="hljs-title function_ invoke__">header</span></span><span>(</span><span><span class="hljs-string">"X-Powered-By: PHP/7.4"</span></span><span>);
</span><span><span class="hljs-title function_ invoke__">header</span></span><span>(</span><span><span class="hljs-string">"Content-Type: text/html; charset=UTF-8"</span></span><span>);
</span><span><span class="hljs-title function_ invoke__">header</span></span><span>(</span><span><span class="hljs-string">"Cache-Control: no-cache"</span></span><span>);
<p></span>// Remove a specific HTTP response header<br>
header_remove("X-Powered-By");</p>
<p>// Output response content<br>
echo "The X-Powered-By header has been removed.";<br>
?><br>
</span>

In this example, header_remove("X-Powered-By") removes the X-Powered-By response header, while other headers like Content-Type and Cache-Control remain intact.

Common scenarios for using header_remove()

  1. Removing sensitive header information:
    Certain HTTP headers, such as X-Powered-By, may reveal the PHP version used by the server, which poses a security risk. In production environments, developers can use the header_remove() function to remove such sensitive information and reduce potential security threats.

  2. Customizing HTTP response headers:
    In some specific situations, developers might need to modify or remove default HTTP header fields based on conditions, such as removing browser cache-related headers or headers related to cross-origin requests.

  3. Handling cache control:
    During development, it may be necessary to control caching strategies by removing fields like Cache-Control or Expires, ensuring that clients always receive the most up-to-date content on each request.

Notes

  • Timing of calls: The header_remove() function must be called before the HTTP response headers are sent. Once headers are sent to the client, modifying them will have no effect.

  • Only removes fields: The header_remove() function only removes specific HTTP response header fields and does not affect other fields.

  • Case-insensitive: Note that field names used in header_remove() are case-insensitive.

Summary

PHP’s header_remove() function offers developers a simple way to remove specific fields from HTTP response headers. By using this function properly, developers can more precisely control the content of HTTP headers when sending responses, enhancing the security, flexibility, and performance of their websites.

Related