asp.net-corehttp-headersresponse-headersapi-security
Server / X-Powered-By headers not available in runtime
The "Server" and "X-Powered-By" headers are not present in the API response during runtime (or debugging) but appearing only on Postman / browser. My objective is to remove to Server/powered-by headers but they are not available during runtime for removal. API is based on ASP.NET Core 6.
Screenshot of response headers during runtime:
Screenshot of response headers in Postman
Solution
They not appear because these 2 header are added outside runtime as the response go through IIS or IISexpress. If you publish the app and depoly to IIS, you can remove them by modify the webconfig.
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<security>
<requestFiltering removeServerHeader="true" />
</security>
</system.webServer>
</configuration>
For debugging with IIS express. You can change the related settings in applicationhost.config which loacate at projectfolder-->.vs(hidden)-->config-->applicationhost.config.
- Blazor: The type or namespace name 'ApplicationPartAttributeAttribute' does not exist in the namespace 'Microsoft.AspNetCore.Mvc.ApplicationParts'
- How can I validate multiple action parameters with ValidationAttribute in ASP.NET Core 3.0
- MVC ASP.NET Core Show detailed error for staging environment
- Microsoft.AspNetCore.OpenAPI generates document with schema $refs to previous properties of same type instead of the base schema itself
- EF Core CRUD Scaffold, show primary key in view?
- Cannot resolve scoped service from root provider .Net Core 2
- Azure SignalR - Client connection fails with 401-Unauthorized 'invalid_token. The signature key was not found'
- How to hide the Links column in the Swagger UI Responses section
- Blazor InputText: conditionally rendering an attribute
- The SSL connection could not be established, see inner exception. Docker problem
- Check if a string is half width or full width in C#
- Unable to invoke javascript function from blazor component
- Cannot remove DBContext from DI
- Send HTTP_1_1_REQUIRED from ASP.NET Core controller
- How to disable the component hierarchy in Blazor?
- IdentityServer4 in IIS being recycled due to app_offline.htm when using discovery endpoint sometimes
- Interact with the Virtualize component
- Cannot resolve scoped service 'xx.IEnumerable`1[xx.IDbContextOptionsConfiguration`1[xx.ExampleDbContext]]...' after upgrading from .NET 8 to .NET 9
- How i can add endpoint (or сatch a request and check its path) to BCL?
- How does the "Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" package resolves types which are in "Microsoft.AspNetCore.dll"?
- Customize output Serilog
- Unhandled exception. System.InvalidOperationException
- Is it possible to use ASP.NET Core within an F# fsx script?
- How to send data with the size more than Signalr message size limit in Blazor?
- IDX12723: Unable to decode the payload '[PII of type 'System.String' is hidden
- UpdateRange method of Entity Framework Core does not work
- How to enable CORS in ASP.net Core WebAPI
- Why does my CORS configuration still block datatables from consuming an API?
- .NET return JSON without reformating
- .NET 8 & SQL Server 2016 - Contains() throws error