Geek asks and answers

Removing the response header "Date" http on IIS 7+

I am developing an ASP.NET Web API application that responds to clients with a custom HTTP time header. Although I read several articles describing how to remove response headers from ASP.NET/IIS, this one always seems stable, I can't get rid of it. It seems to be placed in the response pipeline somewhere out of control of the programmer / administrator at the very end.

I know that it’s not good practice not to include the “Date” header in the response, but as I mentioned, the custom datetime header (which is in ticks instead of the string representation) makes it redundant by default; It is also a private API, so I know for sure who uses it and how.

Is there any way to remove this header in IIS (v7 +) for a specific site (or directly from a web API application)?

Edit :
I tried (without success) the following methods:

  • Create a custom handler to remove the header directly from the web API project
  • Register IHttpModule Custom
  • Explicitly removing headers in web.config in section <httpProtocol><customHeaders>
  • Delete HTTP response headers in IIS Manager
  • Header removal code protected void Application_PreSendRequestHeaders(object sender, EventArgs e)inGlobal.asax.cs
+5
source share
2 answers

According to the HTTP Spec , a date header is required , except for these conditions, which, I believe, are not applicable to your case:

Origin servers MUST include a Date header field in all responses, except in these cases:

  1. If the response status code is 100 (Continue) or 101 (Switching
     Protocols), the response MAY include a Date header field, at
     the server option.
  2. If the response status code conveys a server error, e.g. 500
     (Internal Server Error) or 503 (Service Unavailable), and it is
     inconvenient or impossible to generate a valid Date.
  3. If the server does not have a clock that can provide a
     reasonable approximation of the current time, its responses
     MUST NOT include a Date header field. In this case, the rules
     in section 14.18.1 MUST be followed.
+4
source

WebApi/Mvc, , , .

, , IHttpModule IIS. , . .

set :

HttpContext.Current.Response.Headers.Remove("Date");
0

More articles:


All Articles