Remove header information from responses sent by your website
How to save bandwidth by removing X-headers from Sitecores HTTP responses.
Applies to | All core roles |
Sitecore Installation Framework | Header information not removed by default. |
Azure Toolkit | Header information removed by default. |
SXA | Header information removed by default. |
You can improve security and save a small amount of bandwidth if you remove the header information from each response sent by your website.
These headers contain a number of infrastructure details about the framework that is used on your website that you do not need to publicize.
Remove the X-Aspnet-Version HTTP header
If you remove the X-Aspnet-Version HTTP header information from each web page, you save a little bandwidth and ensure that you are not publicizing which version of ASP.NET you are using.
To remove the X-Aspnet-Version HTTP header from each response from ASP.NET, add the following code to the web.config
file.
<system.web> <httpRuntime enableVersionHeader="false" /> </system.web>
For more information, see the dotnetperls website.
Remove the X-Powered-By HTTP header
If you remove the X-Powered-By HTTP header, you are not publicizing which version of ASP.NET you are using.
To remove the X-Powered-By HTTP header from each response from ASP.NET, add the following code to the web.config
file:
<system.webServer> <httpProtocol> <customHeaders> <remove name="X-Powered-By" /> </customHeaders> </httpProtocol> </system.webServer>