Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Removing the "Date" http response header on IIS 7+

Tags:

http-headers

iis

asp.net-web-api

I am developing an ASP.NET Web API application which responds to the clients with a custom datetime http header. While I have read several articles describing how to remove response headers from ASP.NET/IIS, this one always seem to be resilient, i can't get rid of it. It seems to be placed in the response pipeline somewhere out of the programmer's/administrator's control, at the very end.

I know it may be a bad practice not to include the "Date" header in the response but, as i mentioned, the custom datetime header (which is in ticks instead of a string representation) makes the default one redundant; furthermore, this is a private API, so i know exactly who and how uses it.

Is it thus possible in any way to remove this header in IIS (v7+) for a specific site (or directly from the Web API application)?

Edit:
I tried (without success) the following techniques:

  • Creating a custom handler to remove the header right from the Web API project
  • Registering a custom IHttpModule
  • Explicit removal of headers in web.config in <httpProtocol><customHeaders> section
  • Remove HTTP response headers in IIS Manager
  • Header removal code in protected void Application_PreSendRequestHeaders(object sender, EventArgs e) method in Global.asax.cs
like image 338
Gabriel S. Avatar asked Jan 23 '13 09:01

Gabriel S.

People also ask

How do I remove unwanted HTTP response headers?

Open the site which you would like to open and then click on the HTTP Response Headers option. Click on the X-Powered-By header and then click Remove on the Actions Pane to remove it from the response.

How do I change the response header in IIS?

In the web site pane, double-click HTTP Response Headers in the IIS section. In the actions pane, select Add. In the Name box, type the custom HTTP header name. In the Value box, type the custom HTTP header value.

1 Answers

According to HTTP Spec, Date header is mandatory, except for these conditions which I dont think apply to your case:

Origin servers MUST include a Date header field in all responses, except in these cases:

  1. If the response status code is 100 (Continue) or 101 (Switching
     Protocols), the response MAY include a Date header field, at
     the server's option.
  2. If the response status code conveys a server error, e.g. 500
     (Internal Server Error) or 503 (Service Unavailable), and it is
     inconvenient or impossible to generate a valid Date.
  3. If the server does not have a clock that can provide a
     reasonable approximation of the current time, its responses
     MUST NOT include a Date header field. In this case, the rules
     in section 14.18.1 MUST be followed.
like image 137
Aliostad Avatar answered Oct 08 '22 09:10

Aliostad
Sign in to Comment

Related questions

Can only access asp.net app on localhost
PHP PDO extension not working on IIS
Does updating urlscan.ini require iisreset?
Change I make to code behind not updating when I publish my web application
Problem with recaptcha when testing it with IIS (localhost)
IIS and Delphi - Get the application folder inside ISAPI
Lightswitch: Load operation failed for query 'GetAuthenticationInfo'. The remote server returned an error: NotFound
How to deploy 2 separate ASP.NET solutions under one IIS website
How to remove multiple virtual directories?
IIS 7.5 - Change path of administration.config file
How to remove the HTTP ETag header by IIS 7.5?
ics file on webcal URI scheme
IIS 7.0 Application Pool Shared Between Sites - Is Cache Shared between sites?
Can Meteor run with a Microsoft back end (ie EF and ASP.net MVC)
Enabling IIS 8.0 (windows 8 pro) Dynamic Compression
Is it safe to make the ports range from 1024 to 65535 in prod environment [closed]
How to detect if ASP.NET is enabled in IIS 7
IIS Binding with windows authentication
asp.net waiting for localhost forever
how to change en-US dates to en-GB for asp.net?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!