Pete Freitag Pete Freitag

Remove X-Powered-By: ASP.NET Header


Have you ever noticed that IIS tends to brand every HTTP response with the header X-Powered-By: ASP.NET - it will do this even if your site is not powered by ASP.NET!

Here's how to remove this header on IIS 6:

  1. Open up the IIS Management Console
  2. Right Click on a Web Sites and select Properties
  3. Click on the HTTP Headers Tab
  4. Under Custom HTTP Headers click on X-Powered-By: ASP.NET and click Remove

Here's how to remove it on IIS 7 / 7.5:

  1. Open Server Manager and select the server name under Internet Information Services (IIS) Manager
  2. Double click HTTP Response Headers
  3. Remove the X-Powered-By header if it exists
IIS 7.5

Thanks go to Nick Gleason for sending instructions and providing a screenshot for IIS 7

Like this? Follow me ↯

Remove X-Powered-By: ASP.NET Header was first published on October 21, 2008.

If you like reading about iis, microsoft, windows, http, or headers then you might also like:


Just a minor your directions above there should be a step in between 2 and 3 that says: "Click on Properties"
by Jake Munson on 12/21/2010 at 10:16:13 AM UTC
@Jake - thanks, updated.
by Pete Freitag on 08/16/2011 at 11:00:22 AM UTC
How can we remove the 'X-Powered-By' response header, which leaks information about the server side technology?
by Alprazolam on 07/13/2016 at 11:17:40 PM UTC