Removing the X-Asp.Net version header

By | Mar 27, 2018

HTTP headers leak technical information to potential attackers about a system. To harden the security of an application you need to disclose as little information about a system as possible. In this post I will show to remove the version from HTTP server header responses.

Removing the X-Asp.Net version header

<httpRuntime enableVersionHeader="false" />

Or the following can be used if you want to be explicit about what you are removing

<remove name="X-AspNet-Version" />
<remove name="X-AspNetMvc-Version" />

Related posts

Adjust core security headers
Remove IIS HTTP server header
How to disable insecure cipher suits.
Securing Http with HSTS in IIS
Enable secure cookies over HTTPS.
Remove the IIS version from HTTP response header
Custom Error Pages
Securing website access control


0 0 votes
Article Rating
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments