By default, many Apache installations display version numbers and operating system versions, and even show what Apache modules are installed on the server. This information can be used by hackers, and hackers can also learn that many of the settings on the server you are configuring are the default states.
There are two statements that you need to add to your httpd.conf file:
serversignature Off
servertokens Prod
serversignature This parameter setting Appears at the bottom of a page like 404 pages, directory listings, etc. generated by Apache,
three options on| Off| The emai is mainly switched off and is recommended for off.
Servertokens This parameter sets the Apache version information returned by the HTTP header, to be safe, to display as little information as possible, and to set it off, the available values and meanings are as follows (the information displayed gradually increases):
Prod: Software name only, For example: Apache
Major: Includes the major version number, for example: APACHE/2
Minor: Include minor version number, for example: apache/2.0
Min: Full version number of Apache only, for example: apache/2.0.54
OS: Includes operating system type, for example: apache/2.0.54 (Unix)
full: Includes Apache supported module and module version number, for example: apache/2.0.54 (Unix) mod_ssl/2.0.54 openssl/0.9.7g
Remove x-powered-by only need to modify php.ini
expose_php = Off
If you need to customize headers, refer to the official website Mod_ Headers Module
Apache module mod_headers
http://httpd.apache.org/docs/2.0/mod/mod_headers.html