Removing X-Powered By and Server Header from websites running on ASP.NET Core

Bharat Dwarkani | Apr 5, 2020 | .NET Core

By default, ASP.NET Core adds header X-Powered By and server info. This gives information to hacker that site is running on Kestrel server and powered by ASP.NET core.

In ASP.NET Core there is simple way to hide this information.

  1. In program.cs file add this line to set AddServerHeader to false.

If site is running on IIS you can add code to remove Header in web.config file

  1. To remove X-Powered just add this code in web.config.

That’s it. Simple step to safeguard your application.

visibility24 share bookmarks