Remove header information from responses sent by your website
Applies to | All core roles
Sitecore Installation Framework | Header information not removed by default.
Azure Toolkit | Header information removed by default.
SXA | Header information removed by default.
You can improve security and save a small amount of bandwidth if you remove the header information from each response sent by your website.
These headers reveal infrastructure details about the framework that your website runs on, which you do not need to publicize.
Remove the X-Aspnet-Version HTTP header
If you remove the X-Aspnet-Version HTTP header information from each web page, you save a little bandwidth and ensure that you are not publicizing which version of ASP.NET you are using.
To remove the X-Aspnet-Version HTTP header from each response from ASP.NET, add the following code to the web.config file:
<system.web>
  <httpRuntime enableVersionHeader="false" />
</system.web>
For more information, see the dotnetperls website.
Remove the X-Powered-By HTTP header
If you remove the X-Powered-By HTTP header, you are not publicizing which version of ASP.NET you are using.
To remove the X-Powered-By HTTP header from each response from ASP.NET, add the following code to the web.config file:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <remove name="X-Powered-By" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
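To check that a deployed web.config actually contains both settings described on this page, the following added example (not Sitecore's own code) parses the file and reports which header is still exposed. The function name audit_web_config and the sample configuration are constructed for illustration; the check assumes X-Powered-By is inherited from the server-level IIS configuration, so it also accepts <clear /> as removing it and treats a later <add> as restoring it.

```python
import xml.etree.ElementTree as ET

# Constructed sample: version header disabled, X-Powered-By still sent.
SAMPLE_PARTIAL = """<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""


def audit_web_config(xml_text):
    """Map each header to True when the configuration suppresses it."""
    root = ET.fromstring(xml_text)

    # X-AspNet-Version is suppressed only by enableVersionHeader="false";
    # a missing attribute or missing element means the default (header sent).
    runtime = root.find("system.web/httpRuntime")
    version_off = (
        runtime is not None
        and runtime.get("enableVersionHeader", "true").strip().lower() == "false"
    )

    # Walk customHeaders in document order: <remove> or <clear> drops the
    # inherited X-Powered-By entry, and a later <add> puts it back.
    powered_off = False
    headers = root.find("system.webServer/httpProtocol/customHeaders")
    for entry in (headers if headers is not None else []):
        name = entry.get("name", "").strip().lower()
        if entry.tag == "clear" or (entry.tag == "remove" and name == "x-powered-by"):
            powered_off = True
        elif entry.tag == "add" and name == "x-powered-by":
            powered_off = False

    return {"X-AspNet-Version": version_off, "X-Powered-By": powered_off}


if __name__ == "__main__":
    for header, suppressed in audit_web_config(SAMPLE_PARTIAL).items():
        print(f"{header}: {'removed' if suppressed else 'STILL SENT'}")
```

Run it against the web.config of every role in a deployment; a role installed with the Sitecore Installation Framework is the one most likely to report a header as still sent.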