Remove version and software information from HTTP headers

Removing version and software information from the HTTP response header is a security configuration that obscures information about your system, making it more difficult for malicious actors to identify and exploit potential vulnerabilities.

To remove "X-Powered-By" from HTTP headers:
  1. Open a command prompt.
  2. Run the following command:
    appcmd.exe clear config /section:httpProtocol -customHeaders.[name='X-Powered-By']
  3. Perform an IIS reset.

To remove "Server" from HTTP headers:
  1. Open a command prompt.
  2. Run the following command:
    appcmd.exe set config /section:system.webServer/security/requestfiltering /removeServerHeader:true
  3. Perform an IIS reset.

To remove the ASP.NET version from HTTP headers:
  1. Open the Internet Information Services (IIS) Manager.
  2. On the Connections panel, select the server name.
  3. In the middle server home panel, under Management, select Configuration Editor.
  4. In the Section drop-down list, select system.web/httpRuntime.
  5. Select the enableVersionHeader attribute and set it to False.
  6. In the top right Actions panel, click Apply.

To hide the ASP.NET MVC version from HTTP headers:
  1. Open the Internet Information Services (IIS) Manager and open URL Rewrite.

    If you don't have URL Rewrite in the IIS manager, you can download it from the official Microsoft IIS website.

  2. Under Actions, click on View Server Variables.
  3. Add a server variable named RESPONSE_X-AspNetMvc-Version and click OK.
  4. Back under Actions, click Add Rule(s).
  5. Under Outbound rules, select a Blank rule template and click OK.
  6. Set the outbound rule as follows:
    Parameter                                             Value
    Name                                                  removeAspNetMvcVersionHeader
    Precondition                                          None
    Matching scope                                        Server Variable
    Variable name                                         RESPONSE_X-AspNetMvc-Version
    Variable value                                        Matches the Pattern
    Using                                                 Regular Expressions
    Pattern                                               .*
    Ignore case (checkbox)                                Selected
    Action type                                           Rewrite
    Replace existing server variable value (checkbox)     Selected
    Stop processing of subsequent rules (checkbox)        Unselected
  7. Click Apply.
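
To confirm that the four procedures took effect, check a response from the server for the headers they target. The following PowerShell is an added example, not part of the original procedure: the function name Get-DisclosureHeader, both sample responses (constructed) and the host server.example are assumptions.

```powershell
# Headers that the four procedures above are meant to suppress.
$DisclosureHeaders = 'Server', 'X-Powered-By', 'X-AspNet-Version', 'X-AspNetMvc-Version'

function Get-DisclosureHeader {
    # Hypothetical helper: returns each targeted header that still carries a value.
    param([Parameter(Mandatory)][string]$RawResponse)

    # The header block ends at the first empty line; its first line is the status line.
    $head = ($RawResponse -split '(?:\r?\n){2}', 2)[0]
    foreach ($line in ($head -split '\r?\n' | Select-Object -Skip 1)) {
        $name, $value = $line -split ':', 2
        $name  = "$name".Trim()
        $value = "$value".Trim()
        # -contains compares case-insensitively, matching HTTP header-name rules.
        # A header left with an empty value discloses nothing, so it is not reported.
        if ($DisclosureHeaders -contains $name -and $value) {
            [pscustomobject]@{ Header = $name; Value = $value }
        }
    }
}

# Constructed sample: a response before hardening.
$before = @'
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
x-aspnetmvc-version: 5.2

<html></html>
'@

# Constructed sample: after hardening, with one empty-valued header to exercise that case.
$after = @'
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-AspNetMvc-Version:

<html></html>
'@

foreach ($sample in @{ Name = 'before'; Raw = $before }, @{ Name = 'after'; Raw = $after }) {
    $found = @(Get-DisclosureHeader -RawResponse $sample.Raw)
    if ($found.Count) {
        Write-Warning "$($sample.Name): $($found.Count) disclosure header(s) still present"
        $found | Format-Table -AutoSize | Out-String | Write-Host
    } else { Write-Host "$($sample.Name): no version or software headers found" }
}
```

Against a live server, pass the raw response instead of a sample, for example `Get-DisclosureHeader -RawResponse (Invoke-WebRequest -Uri 'https://server.example/' -UseBasicParsing).RawContent`, where server.example is a placeholder.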