Obscure Headers, Cookies, & Error Messages

Remove Unnecessary HTTP Header & Response Data

Broadcasting your Web server's identity allows intruders to complete their first task -- fingerprinting your technology. ServerMask removes unnecessary HTTP header and response data and camouflages your server by providing false signatures.

Eliminate File Extensions

File extensions like .asp or .aspx are clear indicators that a site is running on a Microsoft server. ServerMask lets you eliminate the need to serve file extensions.

Contribute to PCI Compliance

ServerMask provides application-layer error suppression for PCI compliance.

Prevent Hacker Reconnaissance

Improve security by keeping hackers from learning about your server and web apps.

Improved Controls

Control what you display publicly (headers, cookies, file extensions, and error pages) and emulate other servers.

Industries We Speed

We provide tools for:

  • Ecommerce
  • Tech
  • Healthcare
  • & More...

Want to see your server's headers? Use our free header check tool!


Masking Features

What ServerMask Does:

Contributes to PCI Compliance

ServerMask provides application-layer error suppression for PCI compliance.

Masks Server Name Header

ServerMask will mask the Server name header in a number of ways:

  • Remove altogether
  • Replace with one of 30 other Web server signatures
  • Replace with a custom server name you create
  • Select multiple false Web server signatures and randomize the response (you select how often a response is refreshed).

Per-site Configuration

ServerMask allows for multiple default profiles and the ability to create custom profiles, allowing unique settings to be applied per domain.


Information masking encourages misguided exploits, snaring attackers with your firewalls and Intrusion Detection System. ServerMask augments these defenses to build more secure networks and return better results on security audits.

Modify Cookie Values

The ASP session ID cookie, used by the Session object to maintain client state, is a dead giveaway to the type of server you are running. ServerMask can modify your cookie values so that they are generic in nature and non-identifying.

Custom Error Pages

Default messages, pages and scripts of all kinds often contain clues to server identity. ServerMask custom error pages mask that information for better security.

Rewrite Identifying Session Cookie Names

ServerMask will rewrite identifying session cookie names, such as ASPSessionID and ASP.NET_SessionId, using one or more alternative names, and fabricate decoy cookies to further confuse attackers. ServerMask utilizes one-to-many cookie masking.

Remove unnecessary HTTP headers

ServerMask removes unnecessary HTTP headers, such as PUBLIC, X-POWERED-BY and others.

Emulate Other Server Data

ServerMask will emulate the ETAG and ALLOW header formats of non-IIS servers, as well as Apache's HTTP header order.

Remove Identifying File Extensions

ServerMask removes identifying file extensions, such as .asp, .aspx and other Microsoft technologies from source code and URL display.

Ease of Use

Completely redesigned user interface, featuring 100% managed code.

Decoys & Error Messages

ServerMask provides auto-generated decoy cookies and headers, and customizable HTTP error messages.

Diagnostics & Validation

An online diagnostic tool for checking page cacheability and a validation tool for checking the syntax of rule statements are provided.

Rewrite 404 & Application-layer Errors

ServerMask suppresses info leakage by converting 500-range errors to 404 errors, then presenting custom 404 responses.
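
A defender-side check for the leaks listed above, as an added example (not ServerMask code and not the vendor's header check tool): it audits one raw HTTP response for the identifying headers, session cookie names, file extensions and 500-range errors this page describes. Both sample responses are constructed, and the X-AspNet-Version entries are an assumption beyond the headers the page names.

```python
import re

# Headers the page names (Server, Public, X-Powered-By); the X-AspNet* entries
# are an assumption added here as further IIS/ASP.NET markers.
IDENTIFYING_HEADERS = {"server", "public", "x-powered-by",
                       "x-aspnet-version", "x-aspnetmvc-version"}
# Session cookie names the page names: ASPSessionID... and ASP.NET_SessionId.
COOKIE_RE = re.compile(r"^(ASPSESSIONID\w*|ASP\.NET_SessionId)$", re.I)
# .asp / .aspx extensions exposed in links, script sources and form actions.
EXT_RE = re.compile(r"""(?:href|src|action)=["'][^"']*\.(aspx?)\b""", re.I)

def audit_response(raw: str) -> list[str]:
    """Return identity-leak findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    findings = []
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        name, value = name.strip(), value.strip()
        if name.lower() in IDENTIFYING_HEADERS:
            findings.append(f"header {name}: {value}")
        elif name.lower() == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            if COOKIE_RE.match(cookie_name):
                findings.append(f"cookie {cookie_name}")
    for ext in sorted({m.lower() for m in EXT_RE.findall(body)}):
        findings.append(f"extension .{ext}")
    if 500 <= status <= 599:
        findings.append(f"status {status}")  # application-layer error exposed
    return findings

# Constructed sample: an unmasked response.
UNMASKED = ("HTTP/1.1 500 Internal Server Error\r\n"
            "Server: Microsoft-IIS/8.5\r\n"
            "X-Powered-By: ASP.NET\r\n"
            "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
            "\r\n"
            '<a href="/account/login.aspx">Sign in</a>')
# Constructed sample: the same page after masking and error rewriting.
MASKED = ("HTTP/1.1 404 Not Found\r\n"
          "Content-Type: text/html\r\n"
          "Set-Cookie: sid=abc123; path=/; HttpOnly\r\n"
          "\r\n"
          '<a href="/account/login">Sign in</a>')

if __name__ == "__main__":
    for label, raw in (("unmasked", UNMASKED), ("masked", MASKED)):
        print(label, audit_response(raw))
```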



System Requirements

  • A compatible version of IIS and Windows:
    • IIS 8.5 / Server 2012 R2
    • IIS 8 / Server 2012
    • IIS 7.5 / Server 2008 R2
    • IIS 7 / Server 2008
    • IIS 6 / Server 2003
  • Compatible hardware:
    • x86 (32-bit)
    • x64 (64-bit)

The following runtimes are also required but can be installed by the ServerMask installer if not already present on the target system:


  • IIS 5.0 Isolation (compatibility) Mode on IIS 6.0 / Server 2003 is not supported.
