ContributionsMost RecentMost LikesSolutionsRe: Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.config I had the line in the wrong section. New web.config: <?xml version="1.0" encoding="utf-8"?> <configuration> <!-- To customize the asp.net core module uncomment and edit the following section. For more info see https://go.microsoft.com/fwlink/?linkid=838655 --> <system.webServer> <directoryBrowse enabled="false" /> <security> <requestFiltering removeServerHeader="true" /> </security> <httpProtocol> <customHeaders> <add name="X-Content-Type-Options" value="nosniff" /> <remove name="X-Powered-By" /> </customHeaders> </httpProtocol> </system.webServer> </configuration> Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.config Swagger stops working with <requestFiltering removeServerHeader="true" /> in web.config. Brand new Asp.net Core API (5.0.8) with Swagger. I am trying to follow The ASP.NET Core security headers guide Is this web article incorrect or out-of-date? My working web.config: <?xml version="1.0" encoding="utf-8"?> <configuration> <!-- To customize the asp.net core module uncomment and edit the following section. For more info see https://go.microsoft.com/fwlink/?linkid=838655 --> <system.webServer> <httpProtocol> <customHeaders> <add name="X-Content-Type-Options" value="nosniff" /> <remove name="X-Powered-By" /> <!-- <requestFiltering removeServerHeader="true" /> --> </customHeaders> </httpProtocol> </system.webServer> </configuration> Solved