HTTP Header

X-Powered-By

Response

Indicates the server-side technology or framework powering the application.

HTTP header reference, syntax, examples, and developer usage.

What is the X-Powered-By header?

The X-Powered-By HTTP header is used to transmit metadata between a client and server as part of HTTP requests or responses.

HTTP headers define how content should be interpreted, cached, authenticated, secured, or processed by browsers and APIs.

Direction

This is a response header sent by the server to the client.

Syntax

X-Powered-By: <technology>

Example

X-Powered-By: Express

Common use cases

Identifying the backend framework during debugging
Automatically set by frameworks like Express, PHP, and ASP.NET
Sometimes used for server fingerprinting

Common mistakes

Using the header in the wrong request or response context
Sending invalid header values
Incorrect header syntax
Assuming the header automatically changes server behaviour

Practical developer insight

X-Powered-By is a non-standard header added automatically by many frameworks. While useful during development, it should be removed or obscured in production as it reveals technology stack details to potential attackers. In Express, use app.disable('x-powered-by') to suppress it.

Related headers

server x-generator