Skip to content
 

Hardening poorly configured services with Cloudflare workers

It seems that Azure is sending x-powered-by header from asp.net, and also the php version. Removing the asp.net header is easy with web.config changes, but the php is tricker. I decided to remove these unwanted header with cloudflare worker-script.

Here’s a simple workes which will remove the x-powered-by headers from your responses.

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

/**
 * Respond to the request
 * @param {Request} request
 */
async function handleRequest(request) {
  const response = await fetch(request),
  newheaders = new Headers(response.headers);
  newheaders.delete("x-powered-by");

 return new Response(response.body , {
		status: response.status,
		statusText: response.statusText,
		headers: newheaders
	})
}

Leave a Reply

(required)