Menu
I also wanted to modify my headers, but i needed to hide as much as possible. It is the same for Add or Remove or both, it is just headers.
1) You can set MvcHandler.DisableMvcResponseHeader = true; in the global.asax
protected void Application_Start()
{
MvcHandler.DisableMvcResponseHeader = true;
}
and
protected void Application_PreSendRequestHeaders()
{
Response.Headers.Remove("Server");
Response.Headers.Remove("X-AspNet-Version");
}
2) You should not really use diff module for almost the same job, instead create a HeadersModule that only handles header modification, and use the PreSendRequestHeaders to add or remove any headers that you want. You can always inject some service with list of headers to add or remove.
public class HeadersModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += OnPreSendRequestHeaders;
}
public void Dispose() {
}
void OnPreSendRequestHeaders(object sender, EventArgs e)
{
var r = sender as HttpApplication;
r.Response.Headers.Remove("Server");
r.Response.Headers.Remove("X-AspNetMvc-Version");
r.Response.Headers.Remove("X-AspNet-Version");
r.Response.Headers.Remove("X-Powered-By");
}
}
3) To be extra sure, that some headers show, or "not" show up you can add this to your config file
<system.webServer>
<modules>
<add name="HeadersModule " type="MyNamespace.Modules.HeadersModule " />
</modules>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="Server" />
<remove name="X-AspNet-Version" />
<remove name="X-AspNetMvc-Version" />
</customHeaders>
<redirectHeaders>
<clear />
</redirectHeaders>
</httpProtocol>
</system.webServer>
4) Test all pages, aka 404, error pages, weird path names, cause they can leak certain headers or show headers that you did not expect.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With