curl -I -L https://hostnameprotected void Application_Start()
2: {
3: ...
4: MvcHandler.DisableMvcResponseHeader = true;
5: ...
6: }<system.web>
2: ...
3: <httpRuntime enableVersionHeader="false" />
4: ...
5: </system.web><system.webServer>
2: ...
3: <httpProtocol>
4: <customHeaders>
5: <remove name="X-Powered-By" />
<remove name="X-AspNetMvc-Version"/>
6: </customHeaders>
7: </httpProtocol>
8: ...
9: </system.webServer>Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"
Import-Module WebAdministration
Clear-WebConfiguration "/system.webServer/httpProtocol/customHeaders/add[@name='X-Powered-By']"
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters -Name DisableServerHeader -PropertyType DWord -Value 1 -Force
C:\Windows\System32\inetsrv\appcmd.exe set config "Default Web Site" /section:system.webServer/security/requestFiltering /removeServerHeader:True<system.webServer>
<security>
<requestFiltering removeServerHeader="true">
</requestFiltering>
</security>
</system.webServer><rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>You can use the PreSendRequestHeaders and PreSendRequestContext events with native IIS modules, but do not use them with managed modules that implement IHttpModule. Setting these properties can cause issues with asynchronous requests. The correct version is to use BeginRequest event.
protected void Application_BeginRequest(object sender, EventArgs e)
{
var application = sender as HttpApplication;
if (application != null && application.Context != null)
{
application.Context.Response.Headers.Remove("Server");
}
}