Why can't the "Server" Response Header be removed via web.config in IIS7?

asp.net iis-7 response-headers
David Murdoch picture David Murdoch · Sep 9, 2010 · Viewed 16.5k times · Source

Remove Server Response Header IIS7

I know how to remove the Server response header with an HTTP Module based on the link above.

I just want to know why it is necessary to remove it this way.

Answer

NotMe picture NotMe · Jan 3, 2011

The comments in Aristos link gives as good an answer to the Why.

It boils down to MS not wanting to easily let people modify this value. Whether for marketing or other purposes is open to interpretation.

One thing to take away from that discussion is that modifying the server header is not useful for any sort of security. There are a myriad of ways that you can detect exactly what kind (and version) of web server software is running.

Which leaves us with only one reason to do so: to save bytes. Unless you're running an extremely high traffic site this isn't a concern. If you are running a high traffic site then you are more than likely already running one or more custom modules.

Related questions

Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan

I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as UrlScan needs to be installed each time an Azure instance is started. There …

Read More
IIS 500.19 with 0x80070005 The requested page cannot be accessed because the related configuration data for the page is invalid error

I want to upload my own asp.net website on IIS with IIS Manager. But when I do this, I get the following error HTTP Error 500.19 - Internal Server Error The requested page cannot be accessed because the related configuration …

Read More
How do I resolve "HTTP Error 500.19 - Internal Server Error" on IIS7.0

What causes this error, how can I fix it? Detailed Error Information Module IIS Web Core Notification BeginRequest Handler Not yet determined Error Code 0x8007052e Config Error Can not log on locally to C:\inetpub\wwwroot as user administrator …

Read More