SQL Server administration and T-SQL development, Web Programming with ASP.NET, HTML5 and Javascript, Windows Phone 8 app development, SAP Smartforms and ABAP Programming, Windows 7, Visual Studio and MS Office software
IIS Server Tutorials, Downloads and ASP.NET Code samples for WEB Developers


Remove Response Header X-Powered-By: ASP.NET using IIS 7

In order to remove response header "X-Powered-By: ASP.NET" for a website, webmasters can configure IIS 7 (Internet Information Services) for removing this default HTTP Response Header.

The X-Powered-By response header is not a standard HTTP response header. The web servers like Microsoft IIS (Internet Information Services) or Apache Server uses X-Powered-By header item to identify their technology serving behind the related website. Since this header can be easily changed from its default values and administrators or webmasters can easily define a custom value for X-Powered-By, it is only an informative identifier. And it might not be reflecting the correct status and not be trustable.





If you check websites that are build using ASP.NET and running on an Microsoft IIS Server, you can see the X-Powered-By: ASP.NET response header.

Let's make a test and have a look at the Http Header of "http://www.asp.net/"
You can use one of the online website Http Header checking tools around.
And you will see the HTTP Header as follows:

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3705
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Sat, 12 Nov 2011 18:01:08 GMT

Now let's open Internet Information Services (IIS) Manager administration tool and configure the Response Header for a target website.

When Internet Information Services Manager is opened, drill-through the web site you want to disable X-Powered-By: ASP.NET response header.

On the middle site of the IIS 7 Management screen in Features View, you will see HTTP Response Headers icon in the IIS section. Double click on it to manage HTTP response headers.

IIS7 website HTTP Response Headers

When the HTTP Response Headers feature configuration screen is displayed, choose the items you want to remove from HTTP Response Header like X-Powered-By header

IIS7 HTTP Response Headers

Right click on the response header and choose Remove from the context menu.

If you want to change the value of X-Powered-By HTTP response header, right click on the item and choose Edit from the context menu

The Edit screen as shown below. Webmasters and IIS administrators can alter the value of this HTTP response header easily. Because of this reason it is not a fully trustable header that is giving information about the web server technology behind the website.

edit X-Powered-By response header value



IIS Server


Copyright © 2004 - 2021 Eralper YILMAZ. All rights reserved.