DEV Community

Steve Mak
Steve Mak

Posted on • Edited on

How to remove IIS server information from the response header?

How to remove IIS server information from the response header?

(Tested on IIS 10.0, ASP.NET MVC 5)

Add/Edit three lines of code in web.config as below

Line 1

<httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
Enter fullscreen mode Exit fullscreen mode

Line 2

<remove name="X-Powered-By" />
Enter fullscreen mode Exit fullscreen mode

Line 3

<requestFiltering removeServerHeader="true" />
Enter fullscreen mode Exit fullscreen mode

Overview

...
<system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
</system.web>
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
    <security>
        <requestFiltering removeServerHeader="true" />
    </security>
</system.webServer>
...
Enter fullscreen mode Exit fullscreen mode

Top comments (0)