When an exception is thrown and it is not handled, ASP.NET Web API returns a 500 Internal Server Error. This response will have the stack trace details in the response body. However, sending a stack trace is a security risk.
ASP.NET Web API Stack Trace of unhandled exceptions can be avoided by specifying the Never option for the error details inclusion policy in WebApiConfig.cs under the App_Start folder, the stack trace can be stopped from getting to the client.
config.IncludeErrorDetailPolicy = IncludeErrorDetailPolicy.Never;
ASP.NET Web API Stack Trace of unhandled exceptions can be avoided by specifying the Never option for the error details inclusion policy in WebApiConfig.cs under the App_Start folder, the stack trace can be stopped from getting to the client.
config.IncludeErrorDetailPolicy = IncludeErrorDetailPolicy.Never;