2

I have removed the X-Powered-By using `<httpProtocol>`:

```xml
<httpProtocol>
  <customHeaders>
    <remove name="X-Powered-By" />
    <remove name="Server" />
  </customHeaders>
</httpProtocol>
```

This hides the X-Powered-By, but the server (IIS info) is still not getting removed.

It would be good if there were a way to remove all the info in the response header.

How can I do it?

John Saunders
Vignesh Subramanian
  • possible duplicate of [Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan](http://stackoverflow.com/questions/12803972/removing-hiding-disabling-excessive-http-response-headers-in-azure-iis7-without) – CrazyPyro Mar 16 '15 at 17:31
  • See [this question](https://stackoverflow.com/questions/12803972/removing-hiding-disabling-excessive-http-response-headers-in-azure-iis7-without/21064912#21064912) for how to do this without UrlScan. – CrazyPyro Mar 16 '15 at 17:32

1 Answer

0

I believe you need UrlScan to remove the IIS info.

The particular setting you need to configure is: RemoveServerHeader

By default, a Web server returns a header that identifies what Web server software it is running in all responses. This can increase the server vulnerability because an attacker can determine that a server is running IIS and then attack known IIS problems, instead of trying to attack an IIS server by using exploits that are designed for other Web servers. By default, this option is set to 0. If you set the RemoveServerHeader option to 1, you prevent your server from sending the header that identifies it as an IIS server. If you set RemoveServerHeader to 0, this header is still sent.

DGibbs
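A check to run after changing the configuration, added here as an example (not code from the question or the answer): it parses a captured response head and lists the headers that still identify the server stack. The sample responses and the two ASP.NET header names beyond `Server` and `X-Powered-By` are assumptions constructed for illustration.

```python
# Added example (not from the original page): list response headers that
# still identify the server stack. Sample responses below are constructed.

# Assumed checklist: the two headers from the question plus two that
# ASP.NET sends by default.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

def parse_headers(raw):
    """Return (name, value) pairs from a response head (status line + headers)."""
    headers = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if line == "":
            break  # blank line ends the header block
        if line[0] in " \t" and headers:  # obsolete folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def disclosing_headers(raw):
    """Map each disclosing header (lower-cased) to the values the server sent."""
    found = {}
    for name, value in parse_headers(raw):
        if name.lower() in DISCLOSING:
            found.setdefault(name.lower(), []).append(value)
    return found

# Constructed: the state the question describes (X-Powered-By gone, Server still sent).
AFTER_WEBCONFIG = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "\r\n"
)
# Constructed: a response with no identifying headers left.
HARDENED = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("after web.config", AFTER_WEBCONFIG), ("hardened", HARDENED)):
        leaks = disclosing_headers(raw)
        print(label, "->", leaks if leaks else "no disclosing headers")
```

Feed it the head of a real response (for example, saved output of a HEAD request against your own site) in place of the constructed samples.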