HTTP headers leak technical information to potential attackers about a system. To harden the security of an application you need to disclose as little information about a system as possible. In this post I will show to remove the Asp.net version from HTTP server header responses.
Removing the X-Asp.Net version header
<system.web> <httpRuntime enableVersionHeader="false" /> </system.web>
Or the following can be used if you want to be explicit about what you are removing
<httpProtocol> <customHeaders> <remove name="X-AspNet-Version" /> <remove name="X-AspNetMvc-Version" /> </customHeaders> </httpProtocol>
Adjust Asp.net core security headers
Remove IIS HTTP server header
How to disable insecure cipher suits.
Securing Http with HSTS in IIS
Enable secure cookies over HTTPS.
Remove the IIS version from HTTP response header
Custom Error Pages
Securing website access control