Bug in CF? X-Powered-By header not being removed!

What is the name of the domain?

beachesirrigation.ca

What is the issue you’re encountering

X-Powered-By header not being removed by CF even though the option is turned on in Managed Transforms

Was the site working with SSL prior to adding it to Cloudflare?

No

What is the current SSL/TLS setting?

Full (strict)

Can you show where you see it? I don’t see the header for your site…
https://cf.sjr.org.uk/tools/check?c1051d145e9240eda68b2965b2958c49#connection-server-https

You can scan the site here. Website Security Test | ImmuniWeb

X-Powered-By pops up every time even though it’s set not to off in CF :thinking:

It’s the old version of PHP showing up though :thinking:

I don’t see it either using cURL or in the browser.

When I put your site into ImmuniWeb it gives me a test result from 14 August. Make sure you run a new test and are not looking at old data.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.