Hi All, how do you do? In this post I will share little bit about how to remove IIS Header Bloat on IIS. This is default ASP.NET project’s response to a request for a page:

Cache-Control:private

Content-Encoding:gzip

Content-Length:3256

Content-Type:text/html; charset=utf-8

Date:Thu, 26 Jun 2014 09:07:59 GMT

Server:Microsoft-IIS/8.0

Vary:Accept-Encoding

X-AspNet-Version:4.0.30319

X-AspNetMvc-Version:4.0

X-Powered-By:ASP.NET

The first thing you need to do is remove X-AspNetMvc-Version header. How? Please just open your Global.asax.cs file to Application_Start, and add this code at the top

MvcHandler.DisableMvcResponseHeader = true;

Then, you can also eliminate the “Server” header by adding a handler to PreSendRequestHeaders event like this:

        protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
        {
            HttpApplication app = sender as HttpApplication;
            if (app != null &&
                app.Context != null)
            {
                app.Context.Response.Headers.Remove("Server");
            }
        }

Then, remove the “X-AspNet-Version" header by adding a config key to Web.Config. Here is the key to add (under <system.web>):

    <httpRuntime enableVersionHeader="false" />

The last is remove the X-Powered-By by adding another confing key to Web.Config (under<system.webserver>):

    <httpProtocol>

      <customHeaders>

        <remove name="X-Powered-By" />

      </customHeaders>

    </httpProtocol>

After doing all of this, we end up with a nice and clean response:

Cache-Control:private

Content-Encoding:gzip

Content-Length:3256

Content-Type:text/html; charset=utf-8
Date:Wed, 26 Jun 2014 09:17:09 GMTServer:Microsoft-IIS/8.0

Vary:Accept-Encoding