默認情況下Chrome中截獲的HTTP Header信息:
Cache-Control:private, s-maxage=0 Content-Encoding:gzip Content-Length:1184 Content-Type:text/html; charset=utf-8 Date:Sun, 08 Oct 2017 05:01:37 GMT Server:Microsoft-IIS/10.0 Vary:Accept-Encoding X-AspNet-Version:4.0.30319 X-AspNetMvc-Version:5.2 X-Powered-By:ASP.NET X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
1、移除X-AspNetMvc-Version
在Global.asax.cs中添加如下代碼:
protected void Application_Start() { //屏蔽瀏覽器中的ASP.NET版本 MvcHandler.DisableMvcResponseHeader = true; AreaRegistration.RegisterAllAreas(); GlobalConfiguration.Configure(WebApiConfig.Register); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); }
效果如下:
Cache-Control:private, s-maxage=0 Content-Encoding:gzip Content-Length:1184 Content-Type:text/html; charset=utf-8 Date:Sun, 08 Oct 2017 05:03:57 GMT Server:Microsoft-IIS/10.0 Vary:Accept-Encoding X-AspNet-Version:4.0.30319 X-Powered-By:ASP.NET X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
2、移除X-AspNet-Version
在config中添加如下代碼:
<system.web> <compilation debug="true" targetFramework="4.5" /> <httpRuntime targetFramework="4.5" enableVersionHeader="false"/> </system.web>
效果如下:
Cache-Control:private, s-maxage=0 Content-Encoding:gzip Content-Length:1184 Content-Type:text/html; charset=utf-8 Date:Sun, 08 Oct 2017 03:46:23 GMT Vary:Accept-Encoding Server:Microsoft-IIS/10.0 X-Powered-By:ASP.NET X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
3、移除Server
既可以移除同時也可以修改Server信息,也可以實現上面兩個信息的移除,在Global.asax.cs文檔中添加如下代碼
protected void Application_PreSendRequestHeaders(object sender, EventArgs e) { HttpApplication app = sender as HttpApplication; if (app != null && app.Context != null) { //移除Server app.Context.Response.Headers.Remove("Server"); //修改Server的值 //app.Context.Response.Headers.Set("Server", "MyPreciousServer"); //移除X-AspNet-Version,和上面效果一樣 app.Context.Response.Headers.Remove("X-AspNet-Version"); //移除X-AspNetMvc-Version,和上面效果一樣 app.Context.Response.Headers.Remove("X-AspNetMvc-Version"); } }
效果如下:
Cache-Control:private, s-maxage=0 Content-Encoding:gzip Content-Length:1184 Content-Type:text/html; charset=utf-8 Date:Sun, 08 Oct 2017 05:25:00 GMT Vary:Accept-Encoding X-Powered-By:ASP.NET X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
4、移除X-Powered-By
在webconfig中添加配置項:
<system.webServer> <httpProtocol> <customHeaders> <remove name="X-Powered-By" /> </customHeaders> </httpProtocol> </system.webServer>
移除效果如下:
Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:29:05 GMT
Vary:Accept-Encoding
原文地址:https://hk.saowen.com/a/ea467c7a90aab9fdc6c4c2a020fb1197926d3046a467c3670f987d0b9144d190