1

In https://stackoverflow.com/a/18152186/147637, there is a nice example how to use powershell to remove the X-Powered-By header. That works great.

How do I , in powershell, suppress these addl headers:

  • Server
  • X-AspNet-Version
  • and the other X-Powered-By (X-Powered-By: UrlRewriter.NET 2.0.0)
Server: Microsoft-IIS/8.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 4.0.30319
Community
  • 1
  • 1
Jonesome Reinstate Monica
  • 6,618
  • 11
  • 65
  • 112

2 Answers2

3

“X-Powered-By:” is actually inherited from the IIS root configuration.The script to remove the “X-Powered-By” header assumes you have Powershell and the Web Server (IIS) Administration Cmdlets installed and figure out the correct incantations.

Import-Module WebAdministration;
Clear-WebConfiguration "/system.webServer/httpProtocol/customHeaders/add[@name='X-Powered-By']"

For Further help, you can refer https://www.troyhunt.com/shhh-dont-let-your-response-headers/

Ranadip Dutta
  • 8,857
  • 3
  • 29
  • 45
  • Radadip, is your proposal specific to the X-Powered-By mentioned in the OP? I already do "Remove-WebConfigurationProperty -PSPath MACHINE/WEBROOT/APPHOST -Filter system.webServer/httpProtocol/customHeaders -Name . -AtElement @{name='X-Powered-By'}" -- does your command affect a diff header? – Jonesome Reinstate Monica Nov 24 '16 at 06:51
  • • Server: The web server software being run by the site. Typical examples include “Microsoft-IIS/7.5”, “nginx/1.0.11” and “Apache”. • X-Powered-By: The collection (there can be multiple) of application frameworks being run by the site. Typical examples include: “ASP.NET”, “PHP/5.2.17” and “UrlRewriter.NET 2.0.0”. • X-AspNet-Version: Obviously an ASP.NET only header, typical examples include “2.0.50727”, “4.0.30319” and “1.1.4322”. • X-AspNetMvc-Version: Again, you’ll only see this in the ASP.NET stack and typical examples include “3.0”, “2.0” and “1.0”. – Ranadip Dutta Nov 25 '16 at 02:19
  • I am talking about the above mentioned bullet pointed Headers. – Ranadip Dutta Nov 25 '16 at 02:20
2

To hide "X-AspNet-Version: 4.0.30319" use

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT'  -Filter "system.web/httpRuntime" -name "enableVersionHeader" -value "False"

To remove "X-Powered-By" use

Remove-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Filter "system.webServer/httpProtocol/customHeaders" -Name . -AtElement @{name='X-Powered-By'}
Chris Berlin
  • 744
  • 6
  • 15
Marcelo Costa
  • 56
  • 7