DEV Community

Steve Mak
Steve Mak

Posted on

How to remove IIS server information from the response header?

How to remove IIS server information from the response header?

(Tested on IIS 10.0, ASP.NET MVC 5)

Add/Edit three lines of code in web.config as below

Line 1

<httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
Enter fullscreen mode Exit fullscreen mode

Line 2

<remove name="X-Powered-By" />
Enter fullscreen mode Exit fullscreen mode

Line 3

<requestFiltering removeServerHeader="true" />
Enter fullscreen mode Exit fullscreen mode

Overview

...
<system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
</system.web>
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
    <security>
        <requestFiltering removeServerHeader="true" />
    </security>
</system.webServer>
...
Enter fullscreen mode Exit fullscreen mode

Discussion (0)