0

The "Server" and "X-Powered-By" headers are not present in the API response during runtime (or debugging) but appear only in Postman / the browser. My objective is to remove the Server/powered-by headers, but they are not available during runtime for removal. The API is based on ASP.NET Core 6.

Screenshot of response headers during runtime: Headers during runtime

Screenshot of response headers in Postman

sprash95

2 Answers

1

They do not appear because these 2 headers are added outside the runtime, as the response goes through IIS or IIS Express. If you publish the app and deploy to IIS, you can remove them by modifying the web.config.

<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By" />
            </customHeaders>
        </httpProtocol>
        <security>
            <requestFiltering removeServerHeader="true" />
        </security>
    </system.webServer>
</configuration>

For debugging with IIS Express, you can change the related settings in applicationhost.config, which is located at projectfolder-->.vs(hidden)-->config-->applicationhost.config.

Qiang Fu
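
A static check for the two web.config settings from the answer above, as an added example that is not part of the original answer. The function name `audit_web_config` and both sample files are constructed for illustration; the `<location>` wrapper mirrors what `dotnet publish` typically generates.

```python
import xml.etree.ElementTree as ET

def audit_web_config(xml_text):
    """Return findings for a web.config; an empty list means both headers are suppressed."""
    root = ET.fromstring(xml_text)
    # dotnet publish usually wraps <system.webServer> in <location>, so search
    # at any depth instead of only directly under <configuration>.
    sections = root.findall(".//system.webServer")
    powered_by_removed = server_removed = False
    for section in sections:
        for headers in section.findall("./httpProtocol/customHeaders"):
            # Children apply in document order: <remove>/<clear> drop the
            # inherited header, a later <add> of the same name restores it.
            for child in headers:
                name = child.get("name", "").lower()
                if child.tag == "clear" or (child.tag == "remove" and name == "x-powered-by"):
                    powered_by_removed = True
                elif child.tag == "add" and name == "x-powered-by":
                    powered_by_removed = False
        for rf in section.findall("./security/requestFiltering"):
            if rf.get("removeServerHeader", "").lower() == "true":
                server_removed = True
    findings = []
    if not powered_by_removed:
        findings.append("X-Powered-By is not removed in httpProtocol/customHeaders")
    if not server_removed:
        findings.append('requestFiltering removeServerHeader is not "true"')
    return findings

# Constructed sample: a publish-style web.config without the hardening settings.
UNHARDENED = """<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" />
      </handlers>
    </system.webServer>
  </location>
</configuration>"""

# Constructed sample: the same file with the two settings from the answer added.
HARDENED = UNHARDENED.replace("</handlers>", """</handlers>
      <httpProtocol><customHeaders><remove name="X-Powered-By" /></customHeaders></httpProtocol>
      <security><requestFiltering removeServerHeader="true" /></security>""")

if __name__ == "__main__":
    for label, text in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(label, audit_web_config(text) or "OK")
```

The check reads only the file it is given, so values inherited from applicationhost.config are not visible to it.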
0

According to this:

PROCEDURE

  1. Open IIS Manager.
  2. Connect to the local server.
  3. Select the Default Web Site.
  4. Double-click HTTP Response Headers.
  5. Select X-Powered-By.
  6. Click Remove.
  7. Click Yes when prompted to confirm the change.

For NuGenesis versions 9.1+:

  8. Repeat steps 4 through 7 for the two sites "AuditTrailClientApp" and "AuditTrailWebServer".
  9. Click on the local server entry.
  10. Double-click Configuration Editor. Select the section "system.webServer/proxy".
  11. Set "arrResponseHeader" to False. Click Apply.
  12. Restart the web server.

hamaronooo