disabling X-PHP-Script and X-Souce-Dir headers from email?


Apr 15, 2011
I am actually not sure if this is CPanel/WHM related, but when googling around I was pointed in this direction, so here goes:

Any email I send with PHP's mail() function automatically contains some headers revealing info about my source script, such as X-PHP-Script: and X-Source-Dir:

I've been looking everywhere to disable this, including php.ini, but can't find anything. Does anyone know if this is indeed some CPanel or WHM setting / feature, and is there a way to disable it?


Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
This is likely stemming from WHM > EasyApache (Apache Update) having had "MailHeaders" selected under the PHP Options in the Exhaustive Options list. Here are details on what that option does:

CHOON.NET : Resources : Scripts & Patches : PHP Mail Header Patch

This is a security feature that allows the server administrator to track down the script being used whenever an email is sent in case someone is trying to spam. If you are the server owner and decide to shut this off, you will be ensuring anyone else on the machine won't have this information logged for you to track it down later as well.