Remediation Steps

Follow the steps below to remediate this finding on a Microsoft IIS web server.

  1. IIS does not include a Server header with version details by default. If your server does send one, install the URL Rewrite module and add an outbound rule to remove or replace the header:

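    <!-- Place inside <system.webServer> in web.config -->
    <rewrite>
      <outboundRules>
        <!-- Matches any Server header value and rewrites it to an empty string -->
        <rule name="Remove Server header">
          <match serverVariable="RESPONSE_SERVER" pattern=".*" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>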
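
A check to run after applying the rule, as an added example that is not part of the original page: it confirms that a web.config contains an enabled outbound rule rewriting RESPONSE_SERVER to an empty value, and flags a Server header that still carries a version. The sample config and response headers are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the original page): the outbound
# rule from this step placed under <system.webServer>.
SAMPLE_CONFIG = """<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <rule name="Remove Server header">
          <match serverVariable="RESPONSE_SERVER" pattern=".*" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>"""

# Constructed response header blocks: one leaking a version, one without it.
HEADERS_BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: Microsoft-IIS/10.0\r\n\r\n"
HEADERS_AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"


def config_blanks_server_header(web_config_xml):
    """True if an enabled outbound rule rewrites RESPONSE_SERVER to an empty value."""
    root = ET.fromstring(web_config_xml)
    for rule in root.findall(".//outboundRules/rule"):
        if rule.get("enabled", "true").lower() == "false":
            continue  # a disabled rule does not remediate the finding
        match, action = rule.find("match"), rule.find("action")
        if match is None or action is None:
            continue
        if (match.get("serverVariable", "").upper() == "RESPONSE_SERVER"
                and action.get("type", "").lower() == "rewrite"
                and action.get("value", "") == ""):
            return True
    return False


def leaked_server_version(raw_headers):
    """Return the Server header value if it contains a version number, else None."""
    for line in raw_headers.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server" and re.search(r"\d", value):
            return value.strip()
    return None
```

Feed `leaked_server_version` the header block captured from the site after the change; a non-`None` result means the finding is still open.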