How do I fix info disclosure x powered by on Wix Studio?

Same as Wix above — Wix Studio sites run on Wix's managed infrastructure. HTTP headers cannot be configured by the site owner. For Wix Studio sites using Velo backend functions that proxy to external services, suppress X-Powered-By at the external service layer.

How to fix info disclosure x powered by on Wix Studio

Remove or mask the X-Powered-By HTTP response header to stop advertising your server technology stack to attackers.

Steps for Wix Studio

Same as Wix above — Wix Studio sites run on Wix's managed infrastructure. HTTP headers cannot be configured by the site owner.
For Wix Studio sites using Velo backend functions that proxy to external services, suppress X-Powered-By at the external service layer.

Official Wix Studio documentation ↗

# Nginx — strip X-Powered-By in server block
more_clear_headers 'X-Powered-By';

# Apache .htaccess — unset header
Header unset X-Powered-By

# PHP — suppress PHP version header
expose_php = Off          # php.ini
header_remove('X-Powered-By');  # PHP code

# Next.js — next.config.js
module.exports = {
  poweredByHeader: false,
};

What is info disclosure x powered by?

Every time someone visits your store, your web server sends back a set of "headers" — invisible metadata that browsers and tools can read. One of these, X-Powered-By, often announces exactly what software is running your site (e.g., "WP Engine", "PHP/8.1", "Express"). This header serves no useful purpose for your customers but acts like a neon sign telling attackers which known vulnerabilities to target. Removing or masking it is a simple hardening step that reduces your visible attack surface.

Attackers routinely scan millions of sites for this header and then cross-reference the disclosed technology with published CVE vulnerability databases — meaning an exposed X-Powered-By header can make your store a faster, easier target for automated exploits. While removing it doesn't fix underlying vulnerabilities, it raises the effort required to fingerprint your stack and is a baseline expectation in security audits and PCI-DSS compliance reviews. Failing this check can flag your store in penetration tests, risk assessments, and payment-processor security questionnaires, potentially affecting your ability to process cards. It is specifically called out under OWASP A05:2021 – Security Misconfiguration as an information-disclosure risk.

See the complete Info disclosure x powered by guide for every platform and the full background.

Not sure if your Wix Studio store has this?

Run a free SEOLZ audit — we’ll find info disclosure x powered by and every other issue across your whole site.

Scan my site free

How to fix info disclosure x powered by on Wix Studio

Steps for Wix Studio

What is info disclosure x powered by?

Not sure if your Wix Studio store has this?

Fix info disclosure x powered by on another platform