ASP.NET MVC version disclosure

  • The HTTP responses returned by this web application include a header named X-AspNetMvc-Version. The value of this header disclose the version of ASP.NET MVC in use. It is not necessary for production sites and should be disabled.
  • To remove the X-AspNetMvc-Version header add the following code in Global.asax, in the Application Start event:
    MvcHandler.DisableMvcResponseHeader = true;