IntroductionIn this article we will see how to remove unwanted HTTP headers and why we want to remove the headers.Why we want to remove unwanted HTTP headersIf you are a developer/architect in web application development and someone asks about the "Technology", "Web Server" and "Framework version", then they didn't share with the outside world. But this information will be published via HTTP headers for each page request as shown in the following image.Exposing this site information is really considered to be a security vulnerability. Hackers can easily understand your application and use the information in an attack.How to remove unwanted HTTP headersWe will create a simple HTTP module and remove these headers.StepsFirst implement the "IHttpModule" interface and its methods, to create a costum HTTP module.The "IHttpModule" interface has two methods and in the "Init" method implementation we will register an Event handler. In the Event handler, we will just get the current HTTP response and remove the unwanted response header as shown below.That's all from the module file, now we want to register this module in our application. We need to add the following tag in the "Web.Config" file.If you are using the Integrated mode then configure your handlers & modules in system.webServer instead of system.web.Now we will load the page and inspect the headers and we will see that the headers are removed except the "Powered-By".Just add the following Key in the "Web.config" file, it'll remove the "Powered-By" header also.If we run the page we see the final output.SummaryIn this article we will see how to remove the unwanted HTTP headers using Custom HTTP modules.
You need to be a premium member to use this feature. To access it, you'll have to upgrade your membership.
Become a sharper developer and jumpstart your career.
$0
$
. 00
monthly
For Basic members:
$20
For Premium members:
$45
For Elite members: