How to remove Server, X-AspNet-Version, X-AspNetMvc-Version and X-Powered-By from the response header in IIS7

Friday 21st, October 2011 / 07:07 Written by

You can check your response headers by using Firebug add-on for Firefox or just hit Ctrl+J in Chrome.

Unwanted info:

Server Microsoft-IIS/7.5
X-AspNetMvc-Version 3.0
X-AspNet-Version 4.0.303319
X-Powered-By ASP.NET

 

1. Removing X-AspNet-Version

In web.config stick this line in


<system.web>
      <httpRuntime enableVersionHeader="false"/>
	...

2. Removing X-AspNetMvc-Version

In Global.asax.cs add this line:


protected void Application_Start()
{
    MvcHandler.DisableMvcResponseHeader = true;
}

3. Removing or changing Server

Add this module class to your project.


using System;
using System.Web;

namespace Project.Infrastructure.Web.Modules.Http
{
    public class CustomHeaderModule : IHttpModule
    {
        public void Init(HttpApplication context)
        {
            context.PreSendRequestHeaders += OnPreSendRequestHeaders;
        }

        public void Dispose() { }

        void OnPreSendRequestHeaders(object sender, EventArgs e)
        {
	     //HttpContext.Current.Response.Headers.Remove("Server");
            // Or you can set something funny
	    HttpContext.Current.Response.Headers.Set("Server", "CERN httpd");
        }
    }
}

And add set it in web config


	<system.webServer>
		<modules>
        <add name="CustomHeaderModule" type="StrongNamespace.HttpModules.CustomHeaderModule" />

4. Removing or changing X-Powered-By

Go to IIS7 Management Console and open HTTP Response Headers

And that should be it!

 

, , ,