Remove header information from responses sent by your website

Last updated Wednesday, August 1, 2018 in Sitecore Experience Platform for Administrator, Developer
Keywords: Security

You can improve security and save a small amount of bandwidth if you remove the header information from each response sent by your website.

These headers contain a number of infrastructure details about the framework that is used on your website that you do not need to publicize.

This topic describes how to:

Note

If you have installed SXA, it removes all this header information.

Remove the X-Aspnet-Version HTTP header

If you remove the X-Aspnet-Version HTTP header information from each webpage, you save a little bandwidth and ensure that you are not publicizing which version of ASP.NET you are using.

To remove the X-Aspnet-Version HTTP header from each response from ASP.NET, add the following code to the web.config file.

  <system.web>
    <httpRuntime enableVersionHeader="false" />
  </system.web>

For more information, see the dotnetperls website.

Remove the X-Powered-By HTTP header

If you remove the X-Powered-By HTTP header, you are not publicizing which version of ASP.NET you are using.

To remove the X-Powered-By HTTP header from each response from ASP.NET, add the following code to the web.config file:

  <system.webServer>
<httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

Remove the X-AspNetMvc-Version HTTP header

If you remove the X-AspNetMvc-Version HTTP header, you are not publicizing which version of ASP.NET MVC you are using.

To remove the X-AspNetMvc-Version HTTP header, add the following code to the Application_Start method in the Global.asax.cs file:

  protected void Application_Start(object sender, EventArgs e)
  {
    MvcHandler.DisableMvcResponseHeader = true;
    // RegisterRoutes etc... and other stuff
  }

Note

In Sitecore 9:0 or later, the X-AspNetMvc-Version HTTP header is automatically removed by the <initialize> pipeline.

Send feedback about the documentation to docsite@sitecore.net.