Get a quote

Vulnerability Fixation
Excessive Information in Headers

Book a Free Consultation

Hide Server Information in Apache & IIS

By default, Apache reveals server version, OS, and modules in HTTP headers. Attackers can exploit this information.
We can hide sensitive response headers to improve security.

Apache – Steps to Hide Server Information
  • Check if headers module is loaded: 
        httpd -M
  • If not loaded, locate httpd.conf using: 
        httpd -V
  • Load the headers module if missing: 
        LoadModule headers_module modules/mod_headers.so
  • Disable detailed server signature: 
        ServerSignature Off
    ServerTokens Prod
  • Remove Server and X-Powered-By headers: 
        <IfModule mod_headers.c>
        Header unset Server
        Header unset X-Powered-By
    </IfModule>

IIS – Remove Sensitive Response Headers

  • Remove X-Powered-By (inside <system.webServer>): 
        <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
  • Remove Server header using PreSendRequestHeaders: 
        Response.Headers.Remove("Server");
  • Disable X-AspNet-Version in web.config: 
        <httpRuntime enableVersionHeader="false" />
  • Disable X-AspNetMvc-Version in Application_Start: 
        MvcHandler.DisableMvcResponseHeader = true;

This prevents the exposure of server details that attackers can leverage for targeted attacks.


Apache

Also Read :

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More