IIS 10: Remove x-powered-by: ARR header

In this post, you will learn how to remove the x-powered-by: ARR response header. Removing unnecessary headers from the response reduces the quantity of data transmitted from the web server back to the client, and it makes it a bit harder for attackers to determine the software that is powering the web server.

Let’s use appcmd.exe to disable the ARR response header from the IIS reverse proxy.

    C:\Windows\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -arrResponseHeader:false /commit:apphost

You have to restart IIS, otherwise the headers will keep showing up.

    iisreset

Here is the response header after restart:

To verify that these are the right elements, you can check the schema file:

    gc C:\Windows\system32\inetsrv\config\schema\arr_schema.xml
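
To confirm the change took effect, the following added example (not part of the original post) reads the `arrResponseHeader` value back from the apphost configuration and then checks live responses, including error responses, for a leftover `X-Powered-By: ARR` header. It assumes Windows PowerShell 5.1 with the WebAdministration module on the IIS server; the `http://localhost/` URL and the function name `Get-PoweredByHeader` are placeholders chosen for illustration.

```powershell
# Added example: verify the ARR header is disabled in config and absent on the wire.
# $Urls is a constructed placeholder list; point it at sites served through the ARR proxy.
param(
    [string[]]$Urls = @('http://localhost/')
)

Import-Module WebAdministration

# 1. Read back the value that appcmd committed at the apphost level.
$setting = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'arrResponseHeader'
Write-Output "arrResponseHeader = $($setting.Value)"

# 2. Request each URL and return the X-Powered-By header, if any.
function Get-PoweredByHeader {
    param([string]$Url)
    $req = [System.Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false      # inspect the first response, not the redirect target
    try {
        $resp = $req.GetResponse()
    } catch {
        # 4xx/5xx responses raise a WebException but still carry headers,
        # so unwrap the exception chain and inspect that response too.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $resp = $ex.Response
    }
    try {
        [pscustomobject]@{
            Url        = $Url
            Status     = [int]$resp.StatusCode
            XPoweredBy = $resp.Headers['X-Powered-By']   # $null when the header is absent
        }
    } finally {
        $resp.Close()
    }
}

$results = $Urls | ForEach-Object { Get-PoweredByHeader -Url $_ }
$results | Format-Table -AutoSize

# Other X-Powered-By values are set elsewhere and are not affected by this setting,
# so only a value containing "ARR" counts as a failure here.
$leaks = @($results | Where-Object { $_.XPoweredBy -match 'ARR' })
if ($leaks.Count -gt 0 -or $setting.Value -ne $false) { exit 1 }
```

A non-zero exit code means either the setting is still enabled or at least one response still carried the ARR header, which usually indicates that IIS has not been restarted yet.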