Created
April 28, 2014 04:54
asafaweb Excessive headers fixes
// Run once at application start-up (for example from Application_Start in Global.asax).
// Stops ASP.NET MVC from adding its X-AspNetMvc-Version header, which would otherwise
// tell every client which MVC release the site runs on.
MvcHandler.DisableMvcResponseHeader = true;
// Lives in Global.asax, or is wired to the same event from an HTTP module.
/// <summary>
/// Drops the "Server" header from the outgoing response just before the headers are
/// sent; the security review recommends against sending it because it advertises the
/// web server product to every client.
/// </summary>
/// <param name="sender">Expected to be the <c>HttpApplication</c> raising the event.</param>
/// <param name="e">Event data; not used.</param>
/// <remarks>
/// NOTE(review): Response.Headers is documented as requiring the IIS integrated
/// pipeline and throws PlatformNotSupportedException otherwise, so confirm the
/// application pool mode before relying on this.
/// NOTE(review): Microsoft's documentation advises against handling
/// PreSendRequestHeaders from managed IHttpModule implementations; if this moves out
/// of Global.asax, verify that guidance. On IIS 10 and later the
/// <c>removeServerHeader</c> attribute of <c>requestFiltering</c> is a declarative
/// alternative.
/// Responses that never reach this handler keep their "Server" header, so check the
/// result with a header scan rather than assuming full coverage.
/// </remarks>
protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
    var application = sender as HttpApplication;
    if (application == null)
    {
        // Raised by something other than an HttpApplication: nothing to strip.
        return;
    }

    var context = application.Context;
    if (context == null)
    {
        return;
    }

    context.Response.Headers.Remove("Server");
}
<system.web> | |
<httpRuntime enableVersionHeader="false" /> | |
... | |
<system.webServer> | |
<httpProtocol> | |
<customHeaders> | |
<!-- as recommended by security audit: stop advertising the framework via X-Powered-By -->
<remove name="X-Powered-By" /> | |
</customHeaders> | |
</httpProtocol> |