ASP.NET MVC version disclosure

Description
  • The HTTP responses returned by this web application include a header named <strong>X-AspNetMvc-Version</strong>. The value of this header disclose the version of ASP.NET MVC in use. It is not necessary for production sites and should be disabled.
Remediation
  • To remove the X-AspNetMvc-Version header add the following code in Global.asax, in the Application Start event: <pre> MvcHandler.DisableMvcResponseHeader = true; </pre>
References