ASP.NET version disclosure

  • The HTTP responses returned by this web application include anheader named <strong>X-AspNet-Version</strong>. The value of this header is used by Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites and should be disabled.
  • Apply the following changes to the web.config file to prevent ASP.NET version disclosure: <pre> <System.Web> <httpRuntime enableVersionHeader="false" /> </System.Web> </pre>