remove the umbraco http header
Is there a way to remove the http header X-Umbraco-Version: 4.6 on my umbraco installation?
Try editing the umbraco.aspx
Didn't find anything there.
Hi Sherry,
This http header is set by umbraco.dll.
If you're desperate to remove it you could edit the source and recompile, but I've no idea whether that might have a knock-on effect and break other functionality. If you want to give it a go, it's the onInit method of UmbracoDefault class.
Lesley
Hi,
Why do you want to do this? Personally I wouldn't touch the source code for this. When you do that it means that you need to tweak the source for every upgrade.
Cheers,
Richard
Client request. :(
Serious? Well what you always could do is write an HTTPModule that removes the header, but still seems silly to me ;-)
Yes, I'm serious about it. Getting a lot of requests that are driving me nuts. BTW Richard, have you seen my other post regarding the media picker? It's been bugging me for a couple of days now and I'm stuck on how to solve it. Maybe you can give me some ideas.
To be able to remove the "X-Umbraco-Version" http header is IMHO a reasonable request (fully comparable with the possibility to be able to *not* be forced to use a "meta generator" tag to expose your platform and the possibility to be able to rename the /umbraco folder if need be).
It is IMHO good practice not to expose your CMS brand at all if you are at all concerned for "script kiddie attacks" or automated robot attacks to your site.
If you've ever thought about providing top notch defences for your site against that, this requirement IMHO is a no-brainer (Wordpress is for example proven again and again as extremely vulnerable to script kiddie attacks since it announces its version as a metatag in practically all its provided templates - thereby making WP sites open for "harvesting" by spiders and robots dedicated to finding "hackable" sites - ie. sites that have not been updated (yet) each time there's a security update)
IMHO Umbraco would be an even better system if this was opt-out configurable somehow. Granted - the risks are smaller in the Umbraco universe, but this is still a reasonable requirement for those concerned about security!
ie. short version: I'm also interested in this as a security enhancing feature. Is it possible somehow, or would the core team please consider this as an extension to the Umbraco settings?
An option in umbracoSettings.config to enable / disable would be ideal.
Yes I'd vote this up, if it was a ticket on Codeplex. /Lau
Ticket submitted - http://umbraco.codeplex.com/workitem/30410 - Please vote it up if this issue concerns or affects you.
Thank you voters (and Niels :) )!
The issue is now marked as resolved in codeplex, and a solution included for release in 4.7.1.
Yup, just did a search for it (and disabled it) in the umbracoSettings.config: <removeUmbracoVersionHeader>true</removeUmbracoVersionHeader>
Thank you friendly open source cms!
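An added example, not part of the original thread or of Umbraco: a small Python check that audits a captured HTTP response for the disclosure points discussed above (the X-Umbraco-Version header and a "meta generator" tag), so you can confirm the setting took effect. The function name, the list of other headers and both sample responses are constructed for illustration.

```python
import re

# X-Umbraco-Version is the header from this thread; the others are common
# ASP.NET/IIS defaults that disclose the platform in the same way (assumed list).
DISCLOSING_HEADERS = ("x-umbraco-version", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "server")
META_GENERATOR = re.compile(
    r"<meta\b[^>]*\bname\s*=\s*[\"']generator[\"'][^>]*>", re.I)
CONTENT_ATTR = re.compile(r"\bcontent\s*=\s*[\"']([^\"']*)[\"']", re.I)


def audit_response(raw):
    """Return (source, name, value) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in DISCLOSING_HEADERS:
            findings.append(("header", name.strip(), value.strip()))
    for tag in META_GENERATOR.findall(body):     # generator tag in the markup
        m = CONTENT_ATTR.search(tag)
        findings.append(("meta", "generator", m.group(1) if m else ""))
    return findings


# Constructed sample: version header and generator tag both present.
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Umbraco-Version: 4.6\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="umbraco" /></head></html>'
)
# Constructed sample: removeUmbracoVersionHeader set to true and the generator
# tag taken out of the template; the web server banner is still there.
SAMPLE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><head><title>Home</title></head></html>"
)

if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_response(raw))
```

The second sample shows why the check is worth running after the change: the CMS header is gone, but the server banner still identifies the stack.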
From the release notes of 4.8.1
#h5yr !
Thank you for taking this seriously !