Rohit Jadhav

Reputation: 1272

How to remove 'Server' header from .net core 3.1 api response?

How to configure a .NET Core 3.1 application to prevent 'Server' in the response header?

Upvotes: 7

Views: 9992

Answers (3)

Serg.ID

Reputation: 1967

In .NET 6 ASP.NET Core:

builder.WebHost.ConfigureKestrel(options => options.AddServerHeader = false);

Upvotes: 10

SondreB

Reputation: 808

If you want to remove the "Kestrel" value returned as Server header, then the correct answer to the question is to do this using the KestrelServerOptions.

While it is possible to use web.config, it is more proper to not have the header added by the runtime to begin with.

This is how you turn off the server header in .NET Core 3.1: add the ConfigureKestrel call within your ConfigureWebHostDefaults method in Program.cs:

webBuilder.ConfigureKestrel(serverOptions =>
{
   serverOptions.AddServerHeader = false;
});

Here is a full example to set the context where you can add it:

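// Namespaces needed by this Program.cs (Startup is the project's own class).
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using Microsoft.Extensions.Hosting;

public class Program
{
   public static void Main(string[] args)
   {
      CreateHostBuilder(args).Build().Run();
   }

   public static IHostBuilder CreateHostBuilder(string[] args) =>
         Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
               // Stop Kestrel from adding "Server: Kestrel" to every response.
               webBuilder.ConfigureKestrel(serverOptions =>
               {
                  serverOptions.AddServerHeader = false;
               });

               webBuilder.UseStartup<Startup>();
            });
}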

Upvotes: 11

Joe Wilson

Reputation: 5671

Add a web.config file to the web project with this content (you may have additional content you merge into your web.config file):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
  </system.webServer>
</configuration>

Upvotes: 12
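
To confirm which of the fixes in the answers above a deployment still needs, this added example (not code from any of the answers) reads the Server value from a response and maps it to the setting that removes it. The function names and sample responses are constructed for illustration; it assumes Kestrel reports `Kestrel` and IIS reports a value beginning with `Microsoft-IIS`.

```python
import http.client
import io

# Which answer on this page applies, keyed by the prefix of the Server value.
FIXES = {
    "kestrel": "Kestrel still adds it: set AddServerHeader = false in ConfigureKestrel",
    "microsoft-iis": 'IIS still adds it: set removeServerHeader="true" in web.config',
}

def server_values(raw_head: bytes) -> list:
    """Return all Server header values from a raw response head (e.g. `curl -sI` output)."""
    stream = io.BytesIO(raw_head)
    stream.readline()  # skip the status line
    return http.client.parse_headers(stream).get_all("Server") or []

def fetch_server_values(host: str, port: int = 443, tls: bool = True) -> list:
    """Same check against a live endpoint you operate."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().headers.get_all("Server") or []
    finally:
        conn.close()

def advise(values: list) -> list:
    """Map each observed value to the layer that emits it and the fix to apply."""
    if not values:
        return ["OK: no Server header"]
    findings = []
    for value in values:
        fix = next((f for p, f in FIXES.items() if value.lower().startswith(p)), None)
        findings.append(fix or f"Unrecognised value {value!r}: another layer adds it")
    return findings

# Constructed sample response heads, not captured from a real deployment.
SAMPLES = {
    "kestrel default": b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nServer: Kestrel\r\n\r\n",
    "behind IIS": b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\n\r\n",
    "both fixes applied": b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name}: {advise(server_values(head))}")
```
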
