Remove X-Powered-By: ASP.NET Header

October 21, 2008

Have you ever noticed that IIS tends to brand every HTTP response with the header X-Powered-By: ASP.NET - it will do this even if your site is not powered by ASP.NET!

Here's how to remove this header on IIS 6:

  1. Open up the IIS Management Console
  2. Right Click on a Web Sites and select Properties
  3. Click on the HTTP Headers Tab
  4. Under Custom HTTP Headers click on X-Powered-By: ASP.NET and click Remove

Here's how to remove it on IIS 7 / 7.5:

  1. Open Server Manager and select the server name under Internet Information Services (IIS) Manager
  2. Double click HTTP Response Headers
  3. Remove the X-Powered-By header if it exists
IIS 7.5

Thanks go to Nick Gleason for sending instructions and providing a screenshot for IIS 7

Like this? Follow me ↯

You might also like:

3 people found this page useful, what do you think?


Just a minor your directions above there should be a step in between 2 and 3 that says: "Click on Properties"
@Jake - thanks, updated.
How can we remove the 'X-Powered-By' response header, which leaks information about the server side technology?

Foundeo Inc.