Restricting HTTP headers in REST API response

Hi Team,

I have developed a REST API in OutSystems which returns some response (say, JSON). I am able to set a custom status code and response in case of error using the 'HTTPRequestHandler' system dependency. But how can I restrict the HTTP headers in the response? For example: X-AspNet-Version: 4.0.30319, X-Powered-By: ASP.NET. I don't want these headers to be shown in the API response headers. Please let me know how we can add/modify/delete the response headers in the API.


Senthil Kumar

Hi Senthil,

Those headers are not added by OutSystems but by your web server (IIS). It is pretty standard for these kinds of headers to be added. Is there any reason for you not wanting them?

Hi Kilian,

Thanks for your reply.

Yes, the reason is that I think it poses a security threat by revealing the exact version of the server. Also, some headers like 'X-FRAME-OPTIONS', which control iframes, should be set to allow from a particular domain / same origin, so is there a way to modify their values or delete them?


Senthil Kumar

Possibly you can do that with configuration inside IIS. If you're in the cloud, you may have to contact whoever manages your cloud environment.
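
The IIS-side configuration mentioned in the last reply, as an added example that is not part of the original thread and not OutSystems' own configuration. It assumes a self-managed IIS server where the application's `web.config` can be edited; the origin `https://partner.example` is a placeholder.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: merge these elements into the existing web.config,
     do not replace the file with this fragment. -->
<configuration>
  <system.web>
    <!-- Stops ASP.NET from emitting X-AspNet-Version.
         If an httpRuntime element already exists, add the attribute to it
         instead of declaring a second element. -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- X-Powered-By is a custom header inherited from the IIS server level. -->
        <remove name="X-Powered-By" />

        <!-- Remove-then-add avoids a duplicate header when a parent
             configuration level already defines X-Frame-Options. -->
        <remove name="X-Frame-Options" />
        <add name="X-Frame-Options" value="SAMEORIGIN" />

        <!-- Framing by one specific external origin: current browsers do not
             honour X-Frame-Options ALLOW-FROM, so the allowed origin is
             expressed with CSP frame-ancestors (placeholder origin below).
             Drop this entry if same-origin framing is all that is needed. -->
        <add name="Content-Security-Policy"
             value="frame-ancestors 'self' https://partner.example" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

The `remove` entries only affect headers defined in IIS configuration, so a header set by application code is not removed by them. After the change, inspect the response headers of the REST endpoint to confirm that `X-AspNet-Version` and `X-Powered-By` are gone and that `X-Frame-Options` appears once.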