

How to Remove HTTP Response Header X-AspNet-Version from Internet Information Services IIS 7

ASP.NET web sites automatically send the ASP.NET version to the client in the X-AspNet-Version HTTP response header. Telling the client which Microsoft .NET Framework version the web site is built with might be considered a security issue, so IIS administrators often prefer to hide the ASP.NET version by removing X-AspNet-Version from the HTTP response headers.





An online tool can help webmasters view the HTTP response headers of their websites. I use Rex Swain's HTTP Viewer online tool to display the content of the HTTP response of my website.

Here is the HTTP Response Header output of the online web tool for "www.microsoft.com" website.
The important line in the response below is X-AspNet-Version: 2.0.50727, which is added automatically.

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en/us/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 791871331000000000
P3P: CP="ALL IND DSP COR ADM CON CUR CUSo IVAo IVDo PSA PSD TAI TEL OUR SAM CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 08 Nov 2011 10:21:09 GMT
Content-Length: 142

To remove the X-AspNet-Version HTTP response header from pages served by IIS (Internet Information Services), ASP.NET developers or IIS administrators can make the following change in the web.config configuration file of the target web application.

Open the web.config configuration file.
Find the <system.web> configuration section.
Look for the httpRuntime tag.
If the ASP.NET version information is being displayed, the enableVersionHeader attribute is either set to "true" or not set at all (true is the default). Change the enableVersionHeader attribute of the httpRuntime tag to "false".
If the httpRuntime tag does not exist, you can add it right after the opening of the <system.web> section.
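
The steps above, scripted in PowerShell as an added example (not code from the original article). The function name Set-VersionHeaderOff and the sample path are assumptions; only the top-level <system.web> section is changed.

```powershell
# Added example. Set-VersionHeaderOff is a hypothetical helper name,
# not a cmdlet that ships with IIS or ASP.NET.
function Set-VersionHeaderOff {
    param([Parameter(Mandatory = $true)] [string] $Path)   # path to the site's web.config

    $full = (Resolve-Path -LiteralPath $Path).Path
    $doc  = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true          # keep comments and layout as they are
    $doc.Load($full)

    $root = $doc.DocumentElement
    if ($null -eq $root -or $root.LocalName -ne 'configuration') {
        throw "$full has no <configuration> root element."
    }
    $ns = $root.NamespaceURI                 # some web.config files declare an xmlns

    # local-name() matches the elements whether or not that xmlns is present.
    # Only the top-level <system.web> is changed; <location> overrides are not.
    $systemWeb = $root.SelectSingleNode("*[local-name()='system.web']")
    if ($null -eq $systemWeb) {
        $systemWeb = $doc.CreateElement('system.web', $ns)
        [void]$root.AppendChild($systemWeb)
    }

    $runtime = $systemWeb.SelectSingleNode("*[local-name()='httpRuntime']")
    if ($null -eq $runtime) {
        # No httpRuntime tag yet: add it right after the opening of <system.web>.
        $runtime = $doc.CreateElement('httpRuntime', $ns)
        [void]$systemWeb.PrependChild($runtime)
    }

    $before = $runtime.GetAttribute('enableVersionHeader')   # '' when not set
    if ($before -eq 'false') {
        return "No change: enableVersionHeader is already false in $full"
    }

    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # rollback copy
    $runtime.SetAttribute('enableVersionHeader', 'false')
    $doc.Save($full)
    return "Updated $full (previous value: '$before'); backup at $full.bak"
}

# Constructed sample path; replace with the real site root.
Set-VersionHeaderOff -Path 'C:\inetpub\wwwroot\MySite\web.config'
```

Saving web.config restarts the web application, so run this at a suitable time. Afterwards, request a page again and confirm that X-AspNet-Version no longer appears in the response headers.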





Copyright © 2004 - 2021 Eralper YILMAZ. All rights reserved.