Just fiddling. Give credit where credit is due. Template class header() function now supports the 'replace' argument.

class/template/Template.class.php

@@ -1389,16 +1389,23 @@ FIXME: We could make the incoming array more complex so it can
       *
       * @param mixed $headers A list of (or a single) header
       *                       text to be sent.
+      * @param boolean $replace Whether or not to replace header(s)
+      *                         previously sent header(s) of the
+      *                         same type (this parameter may be
+      *                         ignored in some implementations
+      *                         of this class if the target interface
+      *                         does not support this functionality)
+      *                         (OPTIONAL; default = TRUE, always replace).
       *
       */
-    function header($headers)
+    function header($headers, $replace=TRUE)
     {
 
         if (!is_array($headers)) $headers = array($headers);
 
         foreach ($headers as $header) {
             $this->assign('header', $header);
-            header($this->fetch('header.tpl'));
+            header($this->fetch('header.tpl'), $replace);
         }
 
     }

functions/page_header.php

@@ -41,6 +41,10 @@ function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE
     $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
     $oTemplate->header('Cache-Control: private, no-cache, no-store'); // http 1.1 (rfc2616)
 
+    // don't show version as a security measure
+    //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
+    $oTemplate->header('X-Powered-By: SquirrelMail', FALSE);
+
     $oTemplate->assign('frames', $frames);
     $oTemplate->assign('lang', $squirrelmail_language);
 

src/style.php

@@ -180,16 +180,20 @@ if ( $lastmod = @filemtime(SM_PATH . $oTemplate->get_template_file_directory()
                          . 'css/stylesheet.tpl') ) {
     $gmlastmod = gmdate('D, d M Y H:i:s', $lastmod) . ' GMT';
     $expires = gmdate('D, d M Y H:i:s', strtotime('+1 week')) . ' GMT';
-    header('Last-Modified: ' . $gmlastmod);
-    header('Expires: '. $expires);
-    header('Pragma: ');
-    header('Cache-Control: public, must-revalidate');
+    $oTemplate->header('Last-Modified: ' . $gmlastmod);
+    $oTemplate->header('Expires: '. $expires);
+    $oTemplate->header('Pragma: ');
+    $oTemplate->header('Cache-Control: public, must-revalidate');
 }
 // Steve, why did you remove this?  Is it irrelevant now?  If so, let's 
 // remove the rest of the references to it here (note that it is being
 // used above in the filetime() statement) and elsewhere
 // $oTemplate->display('css/stylesheet.tpl');
 
+// don't show version as a security measure
+//$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
+$oTemplate->header('X-Powered-By: SquirrelMail', FALSE);
+
 /**
  * Additional styles are now handled by adding stylesheets to 
  * templates/<template>/css/, so here, we simply define some