Add this to your global.asax.cs:
protected void Application_PreSendRequestHeaders()
{
Response.Headers.Remove("Server");
Response.Headers.Remove("X-AspNet-Version");
Response.Headers.Remove("X-AspNetMvc-Version");
}
More Related Contents:
- X-Frame-Options Allow-From multiple domains
- IIS7, web.config to allow only static file handler in directory /uploads of website
- Fundamental difference between Hashing and Encryption algorithms
- What is the best way to implement “remember me” for a website? [closed]
- Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]
- SHA512 vs. Blowfish and Bcrypt [closed]
- Disable firefox same origin policy
- SSL and man-in-the-middle misunderstanding
- Is it possible to reverse a SHA-1?
- With HTTPS, are the URL and the request headers protected as the request body is?
- What is cross site scripting?
- SPA best practices for authentication and session management
- What algorithm should I use to hash passwords into my database? [duplicate]
- What is happening when I have two CSP (Content Security Policies) policies – header & meta?
- Username and password in https url
- What is the difference between a cer, pvk, and pfx file?
- Why do salts make dictionary attacks ‘impossible’?
- If you use HTTPS will your URL params will be safe from sniffing? [duplicate]
- When the bots attack! [closed]
- Is it OK to return a HTTP 401 for a non existent resource instead of 404 to prevent information disclosure?
- Should I impose a maximum length on passwords?
- How to manually decrypt an ASP.NET Core Authentication cookie?
- SSO with CAS or OAuth?
- Best practices for server-side handling of JWT tokens [closed]
- How do I secure REST API calls?
- client secret in OAuth 2.0
- What are best practices for securing the admin section of a website? [closed]
- How can I hash passwords in postgresql?
- IIS and Static content?
- Has Hardware Lock Elision gone forever due to Spectre Mitigation?