How to remove IIS server information from the response header?
(Tested on IIS 10.0, ASP.NET MVC 5)
Add/Edit three lines of code in web.config as below
Line 1
<httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
Line 2
<remove name="X-Powered-By" />
Line 3
<requestFiltering removeServerHeader="true" />
Overview
...
<system.web>
<compilation debug="true" targetFramework="4.7.2" />
<httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<security>
<requestFiltering removeServerHeader="true" />
</security>
</system.webServer>
...
Top comments (0)