How to remove IIS server information from the response header?

#howto #iis #remove #header

How to remove IIS server information from the response header?

(Tested on IIS 10.0, ASP.NET MVC 5)

Add/Edit three lines of code in web.config as below

Line 1

<httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />

Line 2

<remove name="X-Powered-By" />

Line 3

<requestFiltering removeServerHeader="true" />

Overview

...
<system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
</system.web>
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
    <security>
        <requestFiltering removeServerHeader="true" />
    </security>
</system.webServer>
...

DEV Community

How to remove IIS server information from the response header?

How to remove IIS server information from the response header?

Add/Edit three lines of code in web.config as below

Overview

Top comments (0)

Read next

My Docker stack to deploy a Django + Celery web app

60 Test Case Examples for HealthCare Domain Testing

Reddit CPO talks new features — better translations, moderation and dev tools

Zero-Downtime Deployment with Laravel Forge