RemovePoweredByHeader does not remove the server header

GaProgMan / OwaspHeaders.Core

Inject OWASP recommended HTTP Headers for increased security in a single line

MIT License

282 stars 35 forks source link

Closed GaProgMan closed 5 years ago

GaProgMan commented 5 years ago

As can be seen in the following screenshot:

response headers when RemovePoweredByHeader is included

the server: header is not removed - in the image, it reads server: kestrel. This exposes the server technology and must be fixed.