diff --git a/src/main/java/io/openliberty/website/SecurityFilter.java b/src/main/java/io/openliberty/website/SecurityFilter.java
index d4dcd3a84..c26fb3884 100644
--- a/src/main/java/io/openliberty/website/SecurityFilter.java
+++ b/src/main/java/io/openliberty/website/SecurityFilter.java
@@ -59,6 +59,9 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
 } else if ("https".equals(req.getScheme())) {
 // If HTTPS is configured this sets a bunch of security headers
+ // Remove X-Powered-By header to prevent information disclosure (OWASP recommendation)
+ response.setHeader("X-Powered-By", "");
+
 // Tell browsers that this site should only be accessed using HTTPS, instead of using HTTP.
 // IncludeSubDomains and 1 year set per OWASP.
 response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
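Review bot: `response.setHeader("X-Powered-By", "")` does not remove the header as the new comment claims — the Servlet API has no removeHeader, so the response still carries an empty `X-Powered-By:` line, and if the container adds its own value after the filter chain returns (Open Liberty's web container normally emits this header unless it is disabled in server configuration, as far as I recall) the filter's blank value may simply be overwritten. The call is also placed inside the `"https".equals(req.getScheme())` branch, so plain-HTTP responses, handled outside this hunk, presumably keep disclosing the server; a version-disclosure header is unrelated to the transport and belongs before the scheme check. I would move the call above the branch, reword the comment to `// Servlet API cannot remove headers; blank X-Powered-By here and disable it at the container level as well`, and verify with `curl -I` over both http and https that no X-Powered-By value is emitted. doFilter's body begins and ends outside this hunk.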