Closed blairlearn closed 2 years ago
AppScans have begun requiring that the server not reveal its version number. In IIS 10, this can be addressed via the web.config
To remove the Server header, in the system.webServer section, add;
Server
system.webServer
<security> <requestFiltering removeServerHeader="true" /> </security>
To remove the X-Powered-By header, in the <system.webServer> section, add:
X-Powered-By
<system.webServer>
<httpProtocol> <customHeaders> <remove name="X-Powered-By" /> </customHeaders> </httpProtocol>
ESTIMATE TBD
AppScans have begun requiring that the server not reveal its version number. In IIS 10, this can be addressed via the web.config
To remove the
Server
header, in thesystem.webServer
section, add;To remove the
X-Powered-By
header, in the<system.webServer>
section, add:Prerequisites
Sub-Tasks
Notes