I have a application self-hosted OWIN application and I want to remove the Server header ("Microsoft-HTTPAPI/2.0") from all responses. When searching this on Google it looks like a very easy task e.g. this blog post from MSDN shows a solution that seems to be very easy. I followed the instructions:
- Add a registry key DisableServerHeader in HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters and set it to DWORD 1
- Restart the server to make sure HTTP service picks up the change
The result was pretty disappointing, nothing changed and I still get the Server header. What confuses me is, that all solutions do exactly the same and for them it seems to work. Is there anything else that needs to be done to remove the Server header from a self-hosted OWIN application?
In addition to the solution using the registry key, I tried to solve it in code, but the Server header gets added after the OWIN pipeline and thus I cannot remove it.
I tried adding a Server header myself. That works but it still adds the Microsoft-HTTPAPI/2.0 afterwards.
Adding this code as a DelegatingHandler:
HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
response.Headers.Server.Add(new ProductInfoHeaderValue("Foo", "1.0"));Produces this Server header: Server: Foo/1.0 Microsoft-HTTPAPI/2.0
I would assume that there must be an option to get rid of the Server header. Was someone able to remove this header in a self-hosted application?