How to remove x-powered-by header in .net core 2.0

In addition to @Brando Zhang answer, To remove "Server:Kestrel" from response header:

-.NET Core 1

 var host = new WebHostBuilder()
        .UseKestrel(c => c.AddServerHeader = false)
        .UseContentRoot(Directory.GetCurrentDirectory())
        .UseIISIntegration()
        .UseStartup<Startup>()
        .Build();

-NET Core 2

WebHost.CreateDefaultBuilder(args)
               .UseKestrel(c => c.AddServerHeader = false)
               .UseStartup<Startup>()
               .Build();

As far as I know, the removal of these headers is facilitated with the Request Filtering module, which is part of IIS.

To remove a header, you need to have a web.config file stored on your site, with the following content:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->

  <system.webServer>
    <handlers>
      <remove name="aspNetCore"/>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>


</configuration>

Add this web.config to your net core application's root folder.

Then it will remove the x-powered-by header.

The result like this:

enter image description here

How to remove x-powered-by header in .net core 2.0

Tags:

C#

Security

Azure

Related

Recent Posts