Remove X-AspNet-Version and X-Powered-By HTTP Header using IIS

When an HTTP request is made to a web server (like IIS), HTTP headers are transferred from the Browser to the webserver and vice-versa. The HTTP Headers sent by IIS to the browser gives information like how to render the content or gives information about the web server software, version etc.

One such HTTP Headers is the X-Powered-By and X-AspNet-Version which tells the browser that the site is powered by ASP.NET and the ASP.NET version that is used by the web server. Here’s a screenshot that shows the Response Headers using FireBug. You can clearly see both the headers, which shows that my IIS is powered by ASP.NET and its version is 4.0.30319


Remove X-AspNet-Version HTTP Header

If for some reason (like saving bytes in high traffic sites), you want to prevent this Header from being sent to the browser, use the following configuration in your web.config file


Here we are setting the enableVersionHeader property to false in the <httpRuntime> tag

Remove X-Powered-By HTTP Header

In order to remove the X-Powered-By HTTP Header, browse to the site in IIS 7 Manager and locate ‘HTTP Response Headers’

IIS Http Response Header

Double click ‘HTTP Response Headers’ and click on Remove.

IIS Http Response Header

Now when you request the same site again, you will find that both the HTTP Headers X-Powered-By and X-AspNet-Version are no more sent by IIS to the browser

HTTP Header Removed

Will you give this article a +1 ? Thanks in advance

About The Author

Suprotim Agarwal
Suprotim Agarwal, ASP.NET Architecture MVP (Microsoft Most Valuable Professional) works as an Architect Consultant and provides consultancy on how to design and develop Web applications.

Suprotim is also the founder and primary contributor to DevCurry, DotNetCurry and SQLServerCurry. He is the Editor of a Developer Magazine called DNC Magazine. He has also written two EBooks 51 Recipes using jQuery with ASP.NET Controls. and The Absolutely Awesome jQuery CookBook

Follow him on twitter @suprotimagarwal


Anonymous said...

Super cool IIS tip! I will add this one to my performance checklist.

Save every byte!

Anonymous said...

You can also remove Server and X-AspNetMvc-Version if you use ASP.NET MVC