Forum Discussion
How do I remove HTTP header showing "Microsoft-IIS/10.0"?
PCI scanning has reported Exchange server is exposing its product name. This is a new requirement as it has never been flagged before.
This can be verified by going to the OWA website, opening browser development tools, and looking at the Network section where it reports "server: Microsoft-IIS/10.0".
Either the value or the entire entry needs to be removed to pass PCI scanning.
How do I make this change?
Thank you in advance!
1 Reply
The scanning provider removed this item from their scans. Apparently, it either can't be resolved or they decided it does not represent a vulnerability.
