【转】Asp.NetMve移除HTTP Header中服務器信息Server、X-AspNet-Version、X-AspNetMvc-Version、X-Powered-By:ASP.NET

默認情況下Chrome中截獲的HTTP Header信息：

Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:01:37 GMT
Server:Microsoft-IIS/10.0
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:5.2
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=

1、移除X-AspNetMvc-Version

在Global.asax.cs中添加如下代碼：

protected void Application_Start()
        {
            //屏蔽瀏覽器中的ASP.NET版本
            MvcHandler.DisableMvcResponseHeader = true;

            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
        }

效果如下：

Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:03:57 GMT
Server:Microsoft-IIS/10.0
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=

2、移除X-AspNet-Version

在config中添加如下代碼：

<system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" enableVersionHeader="false"/>
  </system.web>

效果如下：

Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 03:46:23 GMT
Vary:Accept-Encoding
Server:Microsoft-IIS/10.0
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=

3、移除Server

既可以移除同時也可以修改Server信息，也可以實現上面兩個信息的移除，在Global.asax.cs文檔中添加如下代碼

protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
        {
            HttpApplication app = sender as HttpApplication;
            if (app != null && app.Context != null)
            {
                //移除Server
                app.Context.Response.Headers.Remove("Server");
                //修改Server的值
                  //app.Context.Response.Headers.Set("Server", "MyPreciousServer");

                //移除X-AspNet-Version，和上面效果一樣
                  app.Context.Response.Headers.Remove("X-AspNet-Version");

                //移除X-AspNetMvc-Version，和上面效果一樣
                  app.Context.Response.Headers.Remove("X-AspNetMvc-Version");
            }
        }

效果如下：

Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:25:00 GMT
Vary:Accept-Encoding
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=

4、移除X-Powered-By

在webconfig中添加配置項：

<system.webServer>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

移除效果如下：

Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:29:05 GMT
Vary:Accept-Encoding

原文地址：https://hk.saowen.com/a/ea467c7a90aab9fdc6c4c2a020fb1197926d3046a467c3670f987d0b9144d190