Disable Excessive headers – IIS

/0 Comments/in /by

Methods

1. Remove the Server header by adding the following code to the Global.asax.cs file in your project:

 protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
 {
    Response.Headers.Remove("X-AspNet-Version");
    Response.Headers.Set("Server","FooServer");
 }

2. To remove the X-AspNet-Version header set the following, in the Web.config:

<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="false" />
  </system.web>
</configuration>

3. To remove X-AspNetMvc-Version, add the following line in the Application_Start event in Global.asax:

protected void Application_Start()
{
    MvcHandler.DisableMvcResponseHeader = true;
}

4. To remove the X-Powered-By header set the following in the Web.config file:

<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

5. To suppress all the other headers ensure that the Web.config contains the following xml:


<configuration>
  <nwebsec>
    <httpHeaderModule>
      <suppressVersionHttpHeaders enabled="true" />
    <httpHeaderModule>
  </nwebsec>
</configuration>

6. Alternatively, follow the following instructions of IIS configuration:
https://blogs.msdn.microsoft.com/varunm/2013/04/23/remove-unwanted-http-response-headers/

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *