asp.net-corehttp-headersresponse-headersapi-security
Server / X-Powered-By headers not available in runtime
The "Server" and "X-Powered-By" headers are not present in the API response during runtime (or debugging) but appearing only on Postman / browser. My objective is to remove to Server/powered-by headers but they are not available during runtime for removal. API is based on ASP.NET Core 6.
Screenshot of response headers during runtime:
Screenshot of response headers in Postman
Solution
They not appear because these 2 header are added outside runtime as the response go through IIS or IISexpress. If you publish the app and depoly to IIS, you can remove them by modify the webconfig.
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<security>
<requestFiltering removeServerHeader="true" />
</security>
</system.webServer>
</configuration>
For debugging with IIS express. You can change the related settings in applicationhost.config which loacate at projectfolder-->.vs(hidden)-->config-->applicationhost.config.
- JSON response with varying nesting pattern from 3rd-party API
- Error on .net core project when add Swagger (Only When Publish Project on Server)
- Enable interactive render mode on Blazor templates accounts pages
- .NET Generic Host : Prevent application crash on unhandled exception
- asp net core causes an error Fetch: TypeError
- Blazor HealthChecks - works on my system, error on Azure App Server
- ASP.NET Core 2.0 disable automatic challenge
- Get recent file in S3 bucket using C#
- Using Lazy<T> to store token value in a scoped service in .NET 6
- Integration test with WebApplicationFactory fails with ObjectDisposedException for IServiceProvider
- Timeouts are not supported on this stream. Cannot receive stream response from API and save file to local disk in Blazor WASM
- Error during XSLT transformation: An error occurred while loading document 'https://ex.com/example.xml'. See InnerException forcomplete description
- How to share a session values between an ASP.NET and ASP.NET Core application?
- IAsyncEnumerable JSON streaming is not streaming on azure web app running on IIS
- Directory.Build.props only respected when building .sln file
- Kestrel ignores certificate configuration in code
- The ASP. NET Core Web API project did not generate the request header "Authorization" into the "swagger. json" document file
- Conditional not working in ASP.NET Core 7 Razor view
- Get null in controller when implementing IEnumerable in ASP NET model
- What is the next step after login for frontend? I am working with .NET 8 Blazor Web App InteractiveAuto
- Error with Identity Server and Client App
- Are C# 9 'init' properties safe to use for configuration binding (IOptions)?
- How do I run npm build as part of dotnet publish
- Does .NET Core IServiceScopeFactory child scope dispose transient services?
- ServiceCollection does not contain a definition from "AddLogging"
- Token Request Failing and Returning error invalid grant
- How to extend existing third party model?
- How do I configure client side routing in Blazor WASM for subfolder in URL?
- Dependency injection approach for object used only in a single method
- How to use appsettings.json in Asp.net core 6 Program.cs file