Last post Apr 09, 2021 07:54 AM by Sean Fang
Apr 05, 2021 09:04 AM|maverick786us|LINK
When I open ASP.NET application in Google Chrome, while inspecting HTML Elements>Network>Headers
How can I hide these things?
Apr 05, 2021 12:46 PM|mgebhard|LINK
It is not possible to hide header lines in an HTTP message. You can
remove the X-ASP.NET header.
The referrer comes from the browser (client). The client can send whatever it wants.
The requested URL is also in the address bar and required to get the resource from the server.
Apr 06, 2021 09:21 AM|maverick786us|LINK
What is Orion in this context?
Apr 07, 2021 03:04 AM|Sean Fang|LINK
If you mean "Orion" in your research result, it is just a platform to do IT management. You don't need to focus on this word.
Now your question is how to remove Response header> X-ASP.NET Version. In case you want to hide more unnecessary HTTP headers in IIS and ASP.NET, you could refer to below steps.
<httpRuntime enableVersionHeader="false" />
This header can also be modified to your needs, for more information refer to http://www.iis.net/ConfigReference/system.webServer/httpProtocol/customHeaders
<remove name="X-Powered-By" />
protected void Application_Start()
MvcHandler.DisableMvcResponseHeader = true;
protected void Application_PreSendRequestHeaders(object source, EventArgs e)
Regarding Request header> Referer, again, you can't do this.
The Request.Headers["Referer"] value is a value sent by the browser on each request. It's up to the browser what value it choose to supply for this value, and there is no means for a web page to send a response that says "for your next request, use this
value for the Referer". And when you do a Request.Redirect, you're sending a response to the browser, telling it to make another request.
Apr 08, 2021 07:56 AM|maverick786us|LINK
Thanks Sean. That application was developed in classic ASP.NET. So DisableMVCResponseHeader might not work with it
Apr 09, 2021 07:54 AM|Sean Fang|LINK
If your project is not a MVC, then I think you don't need to worry about this default header.