
How to remove server header using middleware?

In ASP.NET Core 1.0 every response will include the header Server: Kestrel. I want to remove this header along with other headers like X-Powered-By using middleware.

I know that we can remove the Kestrel header in host configuration by setting the following, but I want to do it using middleware (actually, when we have an HttpModule we can do it like this, so I am learning the same thing). I tried my bit, but it did not work.

new WebHostBuilder()
    .UseKestrel(c => c.AddServerHeader = false)

Tried code:

public class HeaderRemoverMiddleware
{
    private readonly RequestDelegate _next;
    public HeaderRemoverMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task Invoke(HttpContext httpContext)
    {
        httpContext.Response.OnStarting(callback: removeHeaders, state: httpContext);
        await _next.Invoke(httpContext);
    }

    private Task removeHeaders(object context)
    {
        var httpContext = (HttpContext)context;
        if (httpContext.Response.Headers.ContainsKey("Server"))
        {
            httpContext.Response.Headers.Remove("Server");
        }
        return Task.FromResult(0);
    }
}

public static class HeaderRemoverExtensions
{
    public static IApplicationBuilder UseServerHeaderRemover(this IApplicationBuilder builder)
    {
        return builder.UseMiddleware<HeaderRemoverMiddleware>();
    }
}
dotnetstep asked Jul 09 '16 08:07



1 Answer

I've verified that this code is working as of Kestrel 1.0.0:

.UseKestrel(opt => opt.AddServerHeader = false)

This removes the Server: Kestrel header from the response.


If you want to remove other arbitrary headers from the response, a variation of your code will work. This doesn't work for the Server: Kestrel header, because it appears that Kestrel adds this after the OnSending delegate runs.

Here's a sample middleware that will remove any headers you pass to it:

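using System.Collections.Immutable;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public class HeaderRemoverMiddleware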
{
    private readonly RequestDelegate _next;
    private readonly ImmutableList<string> _headersToRemove;

    public HeaderRemoverMiddleware(RequestDelegate next, ImmutableList<string> headersToRemove)
    {
        _next = next;
        _headersToRemove = headersToRemove;
    }

    public async Task Invoke(HttpContext httpContext)
    {
        httpContext.Response.OnStarting(() =>
        {
            _headersToRemove.ForEach(header =>
            {
                if (httpContext.Response.Headers.ContainsKey(header))
                {
                    httpContext.Response.Headers.Remove(header);
                }
            });

            return Task.FromResult(0);
        });

        await _next.Invoke(httpContext);
    }
}

public static class HeaderRemoverExtensions
{
    public static IApplicationBuilder UseHeaderRemover(this IApplicationBuilder builder, params string[] headersToRemove)
    {
        return builder.UseMiddleware<HeaderRemoverMiddleware>(headersToRemove.ToImmutableList());
    }
}

To use it, add it to the very top of your application pipeline:

app.UseHeaderRemover("Content-Type", "AnotherHeader");
Nate Barbettini answered Sep 17 '22 21:09
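
Added example (not part of the question or the answer above): a self-checking console host that combines the Kestrel option with an OnStarting removal callback, then requests its own endpoint and reports any disclosing headers still present. It targets the ASP.NET Core 1.x hosting API used on this page; the class name HeaderDisclosureCheck, the loopback port 5099 and the "X-Powered-By: Demo" header are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;

public static class HeaderDisclosureCheck // hypothetical name
{
    private static readonly string[] Disclosing = { "Server", "X-Powered-By" };

    // Returns the disclosing headers that are still present on a live response.
    public static async Task<string[]> FindLeakedHeadersAsync(string url)
    {
        using (var client = new HttpClient())
        using (var response = await client.GetAsync(url))
            return Disclosing.Where(h => response.Headers.Contains(h)).ToArray();
    }

    public static void Main()
    {
        const string url = "http://127.0.0.1:5099"; // constructed loopback address
        using (var host = new WebHostBuilder()
            .UseKestrel(opt => opt.AddServerHeader = false) // Server header: host option
            .UseUrls(url)
            .Configure(app =>
            {
                // Registered first, so the callback is attached to every response.
                app.Use(async (context, next) =>
                {
                    context.Response.OnStarting(() =>
                    {
                        context.Response.Headers.Remove("X-Powered-By");
                        return Task.FromResult(0);
                    });
                    await next();
                });
                // Stand-in for a downstream component that adds a disclosing header.
                app.Run(async context =>
                {
                    context.Response.Headers["X-Powered-By"] = "Demo";
                    await context.Response.WriteAsync("ok");
                });
            })
            .Build())
        {
            host.Start();
            var leaked = FindLeakedHeadersAsync(url).GetAwaiter().GetResult();
            Console.WriteLine(leaked.Length == 0 ? "No disclosing headers" : "Leaked: " + string.Join(", ", leaked));
        }
    }
}
```

The same FindLeakedHeadersAsync check can be pointed at a deployed URL, where headers added by a reverse proxy in front of Kestrel will also show up.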