This article mainly describes how to optimize the unnecessary information in the response header when ASP. NET MVC uses IIS
By default, creating an ASP. NET MVC project will contain sensitive information in the response header, which is useless but exposes configuration information for IIS.
The following is the default response header information:
Cache-control:private, s-maxage=0content-encoding:gzipcontent-length:8024content-type:text/html; Charset=utf-8date:fri, Sep 03:17:10 gmtserver:microsoft-iis/10.0vary:accept-encodingx-aspnet-version : 4.0.30319x-aspnetmvc-version:5.2x-frame-options:sameoriginx-powered-by:asp. Netx-sourcefiles:=? UTF-8? B? rdpcv29ya1wymde2xe56tmquswrlbnrpdhlcr0xelldlylxtdxblclxvc2vycw==?=
In the above content, the red part is not the information that must be output, but will expose some configuration information of the server, and the following describes how to remove the unnecessary output information:
Open Global.asax.cs, and in the Application_Start method, add the following code:
true;
Also in Global.asax.cs , add the following code
protected void Application_presendrequestheaders (object sender, EventArgs e) {as HttpApplication; if null && null) { app. Context.Response.Headers.Remove ("Server");} }
Locate the system.web node in the Web. config file and add the following configuration:
"false" />
Locate System.webservice in the Web. config file and add the following configuration:
"x-powered-by" /> </ Customheaders>
OK, finish the above operation, after compiling, open, F12 can see,Response header content as follows :
Cache-control:private, s-maxage=0content-encoding:gzipcontent-length:8018content-type:text/html; Charset=utf-8date:fri, 02:35:39 gmtvary:accept-encodingx-frame-options:sameoriginx-sourcefiles:=? UTF-8? B? rdpcv29ya1wymde2xe56tmquswrlbnrpdhlcr0xelldlylxtdxblclxvc2vycw==?=
Unnecessary information has been removed. A lot more refreshing!
Removing redundant response headers in ASP.