loading...

How to remove IIS server information from the response header?

ssmak profile image Steve Mak ・1 min read

How to remove IIS server information from the response header?

(Tested on IIS 10.0, ASP.NET MVC 5)

Add/Edit three lines of code in web.config as below

Line 1

<httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />

Line 2

<remove name="X-Powered-By" />

Line 3

<requestFiltering removeServerHeader="true" />

Overview

...
<system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
</system.web>
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
    <security>
        <requestFiltering removeServerHeader="true" />
    </security>
</system.webServer>
...

Discussion

pic
Editor guide