Question & Answer
Question
Disabling IIS Web Banner And Other IIS Headers
Answer
Title : Disabling IIS Web Banner And Other IIS Headers
ARTICLE
For security purposes, it may be desirable to disable the X-ASPNET-VERSION and X-Powered-By HTTP Headers.
The HTTP header "X-Powered-By" reveals the version of IIS being used on the server. This can be disabled by:
1. Open the IIS Manager
2. Select the website that Secret Server is running under.
3. Select "HTTP Response Headers"
4. Select the "X-Powered-By" HTTP Header and select "Remove"
The Http Header "X-ASPNET-VERSION" reveals the version of ASP.NET being used by the Secret Server application pool. This can be disabled by:
1. Open the web.config file for Secret Server (located in the root directory for the website).
2. Just after the <system.web> tag add this: <httpRuntime enableVersionHeader="false" />
3. Save the file.
Note: The SERVER header variable should not be removed as it will cause certain functionality within Secret Server to break.
Was this topic helpful?
Document Information
Modified date:
21 June 2018
UID
swg22016921