Each page in an MVC application I'm working with sets these HTTP headers in responses:
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 2.0
How do I prevent these from showing?
X-Powered-By
is a custom header in IIS. Since IIS 7, you can remove it by adding the following to your web.config
:
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
This header can also be modified to your needs, for more information refer to http://www.iis.net/ConfigReference/system.webServer/httpProtocol/customHeaders
Add this to web.config
to get rid of the X-AspNet-Version
header:
<system.web>
<httpRuntime enableVersionHeader="false" />
</system.web>
Finally, to remove X-AspNetMvc-Version
, edit Global.asax.cs
and add the following in the Application_Start
event:
protected void Application_Start()
{
MvcHandler.DisableMvcResponseHeader = true;
}
You can also modify headers at runtime via the Application_PreSendRequestHeaders
event in Global.asax.cs
. This is useful if your header values are dynamic:
protected void Application_PreSendRequestHeaders(object source, EventArgs e)
{
Response.Headers.Remove("foo");
Response.Headers.Add("bar", "quux");
}