How to Disable the Server HTTP Header in Microsoft IIS

March 10, 2025 / Servers, Hosting & Email

Exposing server details through HTTP headers can pose security risks. IIS sends the Server header by default in HTTP/HTTPS responses. This guide walks you through the steps to disable it for improved security.

Steps to Disable the Server Header:

  1. Open IIS Manager.
  2. Connect to the local server.
  3. Select the Default Web Site.
    information
  4. Double-click Configuration Editor.
  5. In the Section dropdown list, navigate to:
    webServer > security > requestFiltering
    edit
  6. Locate removeServerHeader and set its value to True.
  7. Click Apply in the Action panel at the top right corner.
    manager3

This configuration will prevent IIS from revealing the Server header in HTTP responses, enhancing security.

Improving server security?
Gain full control over IIS and configurations with a Windows VPS solution.
Spread the love