Hide/remove  unsafe-inline, unsafe-eval and Server version from response header

Hi All,

In one of my application I need to Hide/remove  unsafe-inline, unsafe-eval and Server version from response header

I  need help to achieve the same


Shashikant Shukla


Hi Shashikant,

If I'm not mistaken the unsafe-inline and unsafe-eval are automatically added by the platform when you configure the Content Security Policy via LifeTime security settings. I'm not sure if there's a way to remove them.

The Server version header you can remove by changing the web.config file either directly in IIS (for On-Premises environments only) or by using Factory Configuration tool.

More info: Remove Server Header in IIS 10.0

If you are on OutSystems Cloud, you would only have the option to use Factory Configuration tool in order to change the web.config file.

Hope this helps!



Hi Nordin,

Thank you for your input.

I am having OutSystems Cloud  so can you please help me how I can do it using Factory Configuration tool.

Thanks in advance.


Shashikant Shukla

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.