Server Headers: To remove Server headers there are multiple solutions Solution 1: Add the below code snippet in global.asax file protected void Application_PreSendRequestHeaders() { Response.Headers.Remove( "Server" ); } Solution 2: (Preferred) Download and install the latest version of urlscan tool (version 3.1) from the following link 32-Bit (x86): http://www.microsoft.com/downloads/details.aspx?FamilyID=ee41818f-3363-4e24-9940-321603531989 64-Bit (x64): http://www.microsoft.com/downloads/details.aspx?FamilyID=361e5598-c1bd-46b8-b3e7-3980e8bdf0de After installing goto below location C:\Windows\System32\inetsrv\urlscan Open “ UrlScan.ini ” file in notepad as a Administrator Update the value for RemoveServerHeader=1 from 0. X-Powered-By Headers: Solution 1: Remove the X-Powered-By headers from IIS Open IIS Click on required website Click on HTTP Response headers, Right click on
We can implement HSTS using multiple approaches. Approach 1: PRE-REQUISITES: URL Rewrite module has to be installed from the below link https://www.microsoft.com/en-in/download/details.aspx?id=7435 Add the below code to web.config <?xml version= "1.0" encoding= "UTF-8" ?> <configuration> <system.webServer> <rewrite> <rules> <rule name = "HTTP to HTTPS redirect" stopProcessing = "true" > <match url = "(.*)" /> <conditions> <add input = "{HTTPS}" pattern = "off" ignoreCase = "true" /> </conditions> <action type = "Redirect" url = "https://{HTTP_HOST}/{R:1}" redirectType = "Permanent" />