Remove X-Powered-By: ASP.NET Header
Have you ever noticed that IIS tends to brand every HTTP response with the header X-Powered-By: ASP.NET - it will do this even if your site is not powered by ASP.NET!
Here's how to remove this header on IIS 6:
- Open up the IIS Management Console
- Right Click on a Web Sites and select Properties
- Click on the HTTP Headers Tab
- Under Custom HTTP Headers click on
X-Powered-By: ASP.NET
and click Remove

Here's how to remove it on IIS 7 / 7.5:
- Open Server Manager and select the server name under Internet Information Services (IIS) Manager
- Double click HTTP Response Headers
- Remove the
X-Powered-By
header if it exists

Thanks go to Nick Gleason for sending instructions and providing a screenshot for IIS 7
Like this? Follow me ↯
Tweet Follow @pfreitagRemove X-Powered-By: ASP.NET Header was first published on October 21, 2008.
If you like reading about iis, microsoft, windows, http, or headers then you might also like:
- Request Filtering in IIS 7 Howto
- VirtualBox Error VT-x/AMD-V
- IIS: Disabling Weak SSL Protocols and Ciphers
- Howto Disable the Server Header in IIS
- Apache mod_rewrite for IIS
- Batch Files to Restart Services on Windows
Comments
Just a minor nitpick...in your directions above there should be a step in between 2 and 3 that says: "Click on Properties"
by Jake Munson on 12/21/2010 at 10:16:13 AM UTC
@Jake - thanks, updated.
by Pete Freitag on 08/16/2011 at 11:00:22 AM UTC
How can we remove the 'X-Powered-By' response header, which leaks information about the server side technology?
by Alprazolam on 07/13/2016 at 11:17:40 PM UTC