HubSpot Ideas

carinafoo

Removing X-Powered-By

"X-Powered-By" is a common non-standard HTTP response header (most headers prefixed with an 'X-' are non-standard). It's often included by default in responses constructed via a particular scripting technology.

For some security tools, it comes up as a medium warning as it allows potential hackers to view the type of server the website is using.

It will be great if there is a possibility to request disabling this so that it will not be shown in the HTTP Response header for HubSpot websites.

8 Replies
ksen938
Participant

This is really important to fix. Why is the x-powered-by header being exposed, when it's commonly classified as a security vulnerability?

A_S
Participant

This is a very critical item to be taken care of ASAP.

HubSpot team, please resolve this issue.

abrahamgarcia
Member | Platinum Partner

Is there any solution to this item?

YiRui_Chua
HubSpot Employee

Hey team! I saw that we have added a set of new security settings over here. Hope we can consider having X-Powered-By options too. Thank you!

dancol
Member

Did this ever get resolved?

crosenberger
Member

It has not; it has been an outstanding issue from HubSpot for years. I have opened a few support tickets over the years for this, and it always circles back to this: it has to go through idea submission and will only be taken if it crosses some mythical threshold of upvotes.

dancol
Member

Thanks for your response, Crosenberger. Such a shame HubSpot refuses to fix this.

Unfortunately it will mean we need to move off HubSpot.

CTreadwell
Participant

We're in a security audit, and this is the last issue we need to resolve. I'm hoping someone has found a custom way to make this change.

In the meantime, I have upvoted this as well.