Javascript: Can't get rid of header X-Powered-By:Express

Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/5867199/

Time: 2020-08-23 19:16:12  Source: igfitidea

Can't get rid of header X-Powered-By:Express

javascript node.js express http-headers webserver

Asked by tyronegcarter

I am running a server on nodejs with express. I can't seem to get rid of the header:

X-Powered-By:Express

I was wondering if there is any way to get rid of this header or do I have to live with it?

Answered by Giacomo

In Express >= 3.0.0rc5:

app.disable('x-powered-by');

Here is a simple middleware that removes the header in earlier versions of Express:

app.use(function (req, res, next) {
  res.removeHeader("x-powered-by");
  next();
});

Answered by Christopher Scott

Just to piggy-back on rHyman's answer, you could also (optionally) just change (set) the X-powered-by header to something much cooler/custom like this:

app.use(function (req, res, next) {
  res.header("X-powered-by", "Blood, sweat, and tears")
  next()
})

Answered by hallmark

As of Express v3.0.0rc5, support for disabling the X-Powered-By header is built in:

var express = require('express');

var app = express();
app.disable('x-powered-by');

Answered by efkan

From the source (http://expressjs.com/en/api.html#app.set). In Express 4.X just set the app using the line below;

app.set('x-powered-by', false) // hide x-powered-by header!

Answered by papercowboy

Here's a handy middleware you can drop in to swap out X-Powered-By:

function customHeaders( req, res, next ){
  // Switch off the default 'X-Powered-By: Express' header
  app.disable( 'x-powered-by' );

  // OR set your own header here
  res.setHeader( 'X-Powered-By', 'Awesome App v0.0.1' );

  // .. other headers here

  next()
}

app.use( customHeaders );

// ... now your code goes here

Setting X-Powered by in this case would override the default 'Express', so you do not need to both disable AND set a new value.

Answered by pongi

Maybe this could be obvious to the more seasoned Express users, but only this worked for me:

app.configure(function() {
    app.use(function (req, res, next) {
        res.removeHeader("X-Powered-By");
        next();
    });
});

Answered by arjun kori

For hiding X-Powered-By, you can use the Node.js library helmet.

The link for that is helmet

var helmet = require('helmet');
app.use(helmet.hidePoweredBy());

Answered by 1nstinct

Sometimes the answers at the top don't work. This is my case. I have Express 4.17.1 and none of the answers work. So I invented my own solution:

let app = express();

app.use((req, res, next) => {
  const send = res.send;
  res.send = (data) => {
    res.removeHeader('X-Powered-By');
    return send.call(res, data);
  };

  next();
});

Answered by Jacco Mol

None of the standard solutions worked for me either. After much searching I found out that we used a routes file where a new express instance was started, which was later added to the first by using app.use. Only for the routes in this new express instance the X-Powered-By header was present.

Simplistic view of issue:

const app = express();
app.disable("x-powered-by");
app.get("/ping", (req, res) => res.send("Pong")); // <-- no X-Powered-By header

const moreRoutes = express();
moreRoutes.get("/ping", (req, res) => res.send("Pong")); // <-- X-Powered-By header still present

app.use("/api/v2", moreRoutes);

Solution was simply to create a new express.Router instead of a whole instance.

const moreRoutes = express.Router();
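
Added example (not part of any answer on this page, and not Express's own code): the answers by 1nstinct and Jacco Mol both describe the header coming back after an early removal. One framework-independent way to handle that is to strip it at the moment headers are written; the function names, the stand-in handler and the constructed request object are assumptions for illustration.

```javascript
const http = require('http');

// Naive form: removes the header when the middleware runs, so anything
// that sets it later in the chain puts it straight back.
function removeEarly(req, res, next) {
  res.removeHeader('X-Powered-By');
  next();
}

// Hypothetical hardened form: wrap writeHead so the removal happens when the
// headers are about to be serialized, after every later handler has run.
function stripAtFlush(req, res, next) {
  const writeHead = res.writeHead;
  res.writeHead = function (...args) {
    res.removeHeader('X-Powered-By');
    // Also drop it from a headers object passed directly to writeHead().
    const last = args[args.length - 1];
    if (last && typeof last === 'object' && !Array.isArray(last)) {
      args[args.length - 1] = Object.fromEntries(
        Object.entries(last).filter(([k]) => k.toLowerCase() !== 'x-powered-by'));
    }
    return writeHead.apply(this, args);
  };
  next();
}

// Constructed stand-in for a mounted sub-application that sets the header itself.
function lateHandler(req, res) {
  res.setHeader('X-Powered-By', 'Express');
  res.writeHead(200, { 'Content-Type': 'text/plain' });
}

// Runs middleware + handler against a socketless ServerResponse and returns
// the header names that would be sent (constructed request, no network I/O).
function headerNamesAfter(middleware, handler = lateHandler) {
  const req = { method: 'GET', httpVersionMajor: 1, httpVersionMinor: 1 };
  const res = new http.ServerResponse(req);
  middleware(req, res, () => handler(req, res));
  return Object.keys(res.getHeaders());
}

console.log('removeEarly :', headerNamesAfter(removeEarly));
console.log('stripAtFlush:', headerNamesAfter(stripAtFlush));
```

Because Node's implicit header path also goes through `res.writeHead`, the wrapper applies to handlers that only call `res.end()` or `res.send()`.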

Answered by hellvinz

Reading the code https://github.com/visionmedia/express/blob/master/lib/http.js#L72 makes me think that you will have to live with it since it doesn't seem to be conditional.

If you have an nginx/apache frontend you can still remove the header with it (with mod_headers for apache and headers-more for nginx)
