WS/WCF: Remove Server Header

added by DotNetKicks
12/21/2017 2:37:08 PM

1 Kicks, 235 Views

Requirement: Need to suppress all instances of the HTTP 'Server' header from all HTTP responses including invalid requests that never even reach the application process. Why we need this: Exposing Server headers as part of response payload is security vulnerability documented under section 14.38. Workaround for Self Host WCF Services: Set below registry flag...