Hello @MatthewRiddler-9775 , I assume your question is pertaining to your app deployed in Azure Web App. Please let me know if it's not the case. Assuming that is the case, please try one of the below depending on your configuration.
For Kestrel (In case your app is asp.net core and wired up for kestrel): Try setting Kestrel options like below snippet in Program.cs. The Kestrel Server header gets added too late in the request pipeline. Therefore removing it via the web.config or via middleware is not possible. Note: Below I used UseKestrel instead of ConfigureKestrel.
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
webBuilder.UseKestrel(options => options.AddServerHeader = false)
});
For IIS integrated mode: You need to set in web.config like below:
<configuration>
<system.webServer>
<security>
<requestFiltering removeServerHeader="true" />
</security>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>