Created
November 13, 2018 09:54
-
-
Save h09shais/3ddc7fa2d96ecf422893b0132bca67b7 to your computer and use it in GitHub Desktop.
Headers ain’t headers !
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ref: https://www.troyhunt.com/shhh-dont-let-your-response-headers/ | |
| Not all headers are created equal and the way we turn them off within the Microsoft stack differs. Let’s recap on the ones we saw earlier on: | |
| Server: The web server software being run by the site. Typical examples include “Microsoft-IIS/7.5”, “nginx/1.0.11” and “Apache”. | |
| X-Powered-By: The collection (there can be multiple) of application frameworks being run by the site. Typical examples include: “ASP.NET”, “PHP/5.2.17” and “UrlRewriter.NET 2.0.0”. | |
| X-AspNet-Version: Obviously an ASP.NET only header, typical examples include “2.0.50727”, “4.0.30319” and “1.1.4322”. | |
| X-AspNetMvc-Version: Again, you’ll only see this in the ASP.NET stack and typical examples include “3.0”, “2.0” and “1.0”. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment