Last updated: 05/16/03 (1.0)
ASP.NET sends two additional HTTP headers that give away too much information - this ISAPI filter removes them. Let's
look at those headers:
They are X-Powered-By and X-AspNet-Version. The latter can be disabled via .config settings (detailed in the
source code of the ISAPI filter), however, the X-Powered-By header cannot be disabled at all.
The filter by default removes both headers as shown in this screenshot:
Note that the Set-Cookie header will still give you away (when using Session state, that is).
As an additional bonus, you can compile the filter to send out bogus Server: and X-Powered-By headers, as shown
in the below screenshot (actual header values from /.):
Download and Installation
Download (size is approx. 52KB)
The most current version number of the filter is 1.0. It is compiled with Visual C++ .NET 2002. Source code is
To use the filter, you have to register it in the Web site properties dialog of ISM (filter is already active in this screenshot):
Simply click Add, name the filter to your liking, point to the installation path and you are done: