How to remove IIS server information from the response header?

#howto #iis #remove #header

How to remove IIS server information from the response header?

(Tested on IIS 10.0, ASP.NET MVC 5)

Add/Edit three lines of code in web.config as below

Line 1

<httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />

Line 2

<remove name="X-Powered-By" />

Line 3

<requestFiltering removeServerHeader="true" />

Overview

...
<system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" enableVersionHeader="false" />
</system.web>
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
    <security>
        <requestFiltering removeServerHeader="true" />
    </security>
</system.webServer>
...

DEV Community

How to remove IIS server information from the response header?

How to remove IIS server information from the response header?

Add/Edit three lines of code in web.config as below

Overview

Top comments (0)

Read next

Should You Customize Your Resume for Every Job? Here's What I Learned After Applying to 100 Roles

Effective Methods for Troubleshooting Deadlocks in SQL Server

How Edge Computing is Revolutionizing Data Processing and IoT Applications

Cracking the Proxy Puzzle: Forward vs Reverse 🧩