Recommended Best Practices for the Inventory Beacon

Removing the SERVER header from HTTP responses

The inventory beacon automatically removes the SERVER header from most HTTP responses. However, when IIS receives an invalid URL, the Windows HTTP.SYS driver handles the request before it reaches the application layer, and returns a SERVER header value of Microsoft-HTTPAPI/2.0. This behavior cannot be controlled through application code.

If your security or compliance requirements mandate removing this header, you can disable it by modifying the Windows registry.

To remove the SERVER header from all HTTP responses:

Open the Registry Editor (regedit.exe).
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
Create a new DWORD value named DisableServerHeader and set its value to 1.
Restart the HTTP service:
```
net stop http
net start http
```
Alternatively, restart the server.

important

This registry change removes the SERVER header from all HTTP responses served by IIS on this server, including responses from the inventory beacon and any other applications hosted on the same server.

Removing the SERVER header from HTTP responses​

Removing the SERVER header from HTTP responses