Burp Suite Example
Server: Microsoft-IIS/8.5
Retrieved x-aspnet-version header: 2.0.50727
By default, excessive information about the server and frameworks used by a website or web application is returned in the response headers.
These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.
Configuring the application not to return unnecessary headers keeps this information private and makes it significantly more difficult to identify the underlying frameworks.
- Remove the X-Aspnet-Version HTTP header
- Remove the X-Powered-By HTTP header
- Remove the X-AspNetMvc-Version HTTP header
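
One way to apply the three removals above on an ASP.NET application hosted on IIS, shown as an added example rather than configuration taken from the assessed application. It assumes a web.config at the site root; merge the attributes and elements into any existing httpRuntime and customHeaders sections instead of duplicating them.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Stops ASP.NET from emitting the X-AspNet-Version header. -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- X-Powered-By is inherited from the server-level IIS
             configuration; this removes it for this site. -->
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
  <!-- X-AspNetMvc-Version has no web.config switch. It is disabled in
       code by setting MvcHandler.DisableMvcResponseHeader = true in
       Application_Start (Global.asax). -->
</configuration>
```

After deploying, repeat the original request and confirm that none of the three headers appears in the response.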