So is there any way to hide X-Powered-By on Nginx?
A:
In .Net, when you create an ASP.Net website, there's a website property in IIS that gets set to return "X-Powered-By: ASP.NET" in the header. You can delete that header insert in the website properties in IIS. I routinely remove it.
Possibly you can find the source of your "X-Powered" header text in the website configuration somewhere.
DOK
2009-06-07 17:32:27
A:
anyone know what this x-powered-by: asp.net header is used for? is it safe to remove? why is it there in the first place?
Mouffette
2009-07-09 05:58:18
Put comments like these as actual comments, and not answers.
musicfreak
2009-07-09 06:02:42
It is there to identify that the site is powered by asp.net ;) It is safe to remove. I suspect it's there so that people who scan websites can check the header and determine what powers the website rather than try to guess based on file extensions (which would fail for sites like SO)
Robert MacLean
2009-07-09 06:03:51
True, but for some reason all the security folks think its better to hide this type info. Either way, I guess its less bytes floating around for nothing.
Mouffette
2009-07-12 04:24:12