How to remove Server, X-AspNet-Version, X-AspNetMvc-Version and X-Powered-By from the response header in IIS7

You can check your response headers by using Firebug add-on for Firefox or just hit Ctrl+J in Chrome.

Unwanted info:

Server Microsoft-IIS/7.5
X-AspNetMvc-Version 3.0
X-AspNet-Version 4.0.303319
X-Powered-By ASP.NET


1. Removing X-AspNet-Version

In web.config stick this line in

      <httpRuntime enableVersionHeader="false"/>

2. Removing X-AspNetMvc-Version

In Global.asax.cs add this line:

protected void Application_Start()
    MvcHandler.DisableMvcResponseHeader = true;

3. Removing or changing Server

Add this module class to your project.

using System;
using System.Web;

namespace Project.Infrastructure.Web.Modules.Http
    public class CustomHeaderModule : IHttpModule
        public void Init(HttpApplication context)
            context.PreSendRequestHeaders += OnPreSendRequestHeaders;

        public void Dispose() { }

        void OnPreSendRequestHeaders(object sender, EventArgs e)
            // Or you can set something funny
	    HttpContext.Current.Response.Headers.Set("Server", "CERN httpd");

And add set it in web config

        <add name="CustomHeaderModule" type="StrongNamespace.HttpModules.CustomHeaderModule" />

4. Removing or changing X-Powered-By

Go to IIS7 Management Console and open HTTP Response Headers

And that should be it!


You may also like...