{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 \"骚年 ilove 的问题《Removing Server and X-Powered-By HTTP Headers on A》','https://www.manongdao.com/q-1260413.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
For security I want to remove any HTTP headers that reveals details about the OS, Web Server or Framework that my application is running. I was able to remove all from displaying locally with IIS Express using the articles found on SO and elsewhere. Unfortunately when I published to my Azure Web Site preview, three headers remained:
- Server: Microsoft-IIS/7.5
- X-Powered-By: ARR/2.5
- X-Powered-By: ASP.NET
The articles I'm finding are for Azure Web Roles instead of Web Site Preview, such as this one.
Does anyone know how to remove from Web Site Preview?
Check this thread How to remove ASP.Net MVC Default HTTP Headers? and not only the main response, but also the responses below.
This is now possible. See also Remove Server Response Header IIS7
Windows Azure Websites are shared infrastructure and you do not have access to configure IIS as you do in a Web Role. As you have correctly pointed out you could remove these headers:
but are left with the following:
Even if you implement all the necessary steps to suppress these headers you will see from my blog post that illegal requests will be handled by HTTP.SYS at the kernel level which will return the Microsoft-HTTPAPI/2.0 header. You need to edit the registry to remove this header.
The conclusion is that if you want ultimate control of IIS and HTTP.SYS you will need to host your website in a non-shared infrastructure. So your option is a Web Role in a Windows Azure Cloud Service.