Remove X-AspNet-Version and X-Powered-By HTTP Header using IIS

When an HTTP request is made to a web server (like IIS), HTTP headers are transferred from the Browser to the webserver and vice-versa. The HTTP Headers sent by IIS to the browser gives information like how to render the content or gives information about the web server software, version etc.

One such HTTP Headers is the X-Powered-By and X-AspNet-Version which tells the browser that the site is powered by ASP.NET and the ASP.NET version that is used by the web server. Here’s a screenshot that shows the Response Headers using FireBug. You can clearly see both the headers, which shows that my IIS is powered by ASP.NET and its version is 4.0.30319

HTTPHeadersFireBug

Remove X-AspNet-Version HTTP Header

If for some reason (like saving bytes in high traffic sites), you want to prevent this Header from being sent to the browser, use the following configuration in your web.config file

enableVersionHeader

Here we are setting the enableVersionHeader property to false in the <httpRuntime> tag

Remove X-Powered-By HTTP Header

In order to remove the X-Powered-By HTTP Header, browse to the site in IIS 7 Manager and locate ‘HTTP Response Headers’

IIS Http Response Header

Double click ‘HTTP Response Headers’ and click on Remove.

IIS Http Response Header

Now when you request the same site again, you will find that both the HTTP Headers X-Powered-By and X-AspNet-Version are no more sent by IIS to the browser

HTTP Header Removed






About The Author

Suprotim Agarwal
Suprotim Agarwal, Developer Technologies MVP (Microsoft Most Valuable Professional) is the founder and contributor for DevCurry, DotNetCurry and SQLServerCurry. He is the Chief Editor of a Developer Magazine called DNC Magazine. He has also authored two Books - 51 Recipes using jQuery with ASP.NET Controls. and The Absolutely Awesome jQuery CookBook.

Follow him on twitter @suprotimagarwal.

2 comments:

Anonymous said...

Super cool IIS tip! I will add this one to my performance checklist.

Save every byte!

Anonymous said...

You can also remove Server and X-AspNetMvc-Version if you use ASP.NET MVC

http://arturito.net/2011/10/21/how-to-remove-server-x-aspnet-version-x-aspnetmvc-version-and-x-powered-by-from-the-response-header-in-iis7/