divetennis
asked on
IIS 7 and above question.
For HKLM\SYSTEM\CurrentControl Set\Servic es\HTTP\Pa rameters\D isableServ erHeader (REG-DWORD) i realised that on some IIS servers in the registry there is no such entry.
May i find out if this entry is not found in the registry, what is the default?
Thanks!
May i find out if this entry is not found in the registry, what is the default?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes. By default the server sends headers. There are hidden values that they don't want you to override unless you have a specific reason. You'll note in the instructions in the url it says to create it and set it to 1.
You can also control the these HTTP Response headers without editing the registry.
I recommend that you use IIS Manager to modify the response readers using the HTTP Response Header feature. You can modify the headers at the Server level. The sites on the server will inherit the settings from the server unless they have been overridden at the site level.
Link: https://technet.microsoft.com/en-us/library/cc771148(v=ws.10).aspx
You can control common headers like HTTP keep-alives and content cache control (content expiration). You can also set custom headers if necessary or setup other site headers that help in securing your site. For example:
Content-Security-Policy
Strict-Transport-Security
X-Content-Type-Options
x-frame-options
x-xss-protection
The feature allows you to delete and/or add headers to the server as a whole or you can drill down and modify individual site headers.
** side-note: I haven't modified the registry of an IIS server to control IIS actions in over 10 years. I don't recommend it now. **
Dan
I recommend that you use IIS Manager to modify the response readers using the HTTP Response Header feature. You can modify the headers at the Server level. The sites on the server will inherit the settings from the server unless they have been overridden at the site level.
Link: https://technet.microsoft.com/en-us/library/cc771148(v=ws.10).aspx
You can control common headers like HTTP keep-alives and content cache control (content expiration). You can also set custom headers if necessary or setup other site headers that help in securing your site. For example:
Content-Security-Policy
Strict-Transport-Security
X-Content-Type-Options
x-frame-options
x-xss-protection
The feature allows you to delete and/or add headers to the server as a whole or you can drill down and modify individual site headers.
** side-note: I haven't modified the registry of an IIS server to control IIS actions in over 10 years. I don't recommend it now. **
Dan
ASKER