Friday, June 10, 2011

Securing applications by hiding response headers

Although it’s fairly obvious that a website is running ASP.NET (from the session cookie and the viewstate), you may protect your server by removing a few response headers that advertise IIS and its version. The most common response headers you should remove are the following:
  • X-Powered-By:ASP.NET
  • X-AspNet-Version:*.*.*
  • Server:Microsoft-IIS/*.*
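
One way to check the result, as an added example (not code from the original post): a small Python audit that parses a raw HTTP response, reports which of the three headers listed above are still being sent, and shows that the session cookie and viewstate still identify ASP.NET once the headers are gone. The sample responses are constructed; the cookie name `ASP.NET_SessionId` and the field name `__VIEWSTATE` are the ASP.NET defaults and are assumptions, not values from the post.

```python
import re

# Header patterns from the list above; '*' in the post is treated as "any version".
DISCLOSING = {
    "x-powered-by": re.compile(r"ASP\.NET", re.I),
    "x-aspnet-version": re.compile(r"\d+(\.\d+)*"),
    "server": re.compile(r"Microsoft-IIS/[\d.]+", re.I),
}

def parse_response(raw):
    """Split a raw HTTP response into (list of (name, value) headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:                                  # header names are case-insensitive
            headers.append((name.strip().lower(), value.strip()))
    return headers, body

def audit(raw):
    """Return (headers still disclosing the stack, residual ASP.NET fingerprints)."""
    headers, body = parse_response(raw)
    leaks = [f"{n}: {v}" for n, v in headers
             if n in DISCLOSING and DISCLOSING[n].search(v)]
    residual = []
    if any(n == "set-cookie" and v.lower().startswith("asp.net_sessionid=")
           for n, v in headers):
        residual.append("session cookie")
    if re.search(r'name="__VIEWSTATE"', body):
        residual.append("viewstate")
    return leaks, residual

# Constructed sample responses (not captured from a real server).
DEFAULT = ("HTTP/1.1 200 OK\r\n"
           "Server: Microsoft-IIS/7.5\r\n"
           "X-AspNet-Version: 4.0.30319\r\n"
           "X-Powered-By: ASP.NET\r\n"
           "Set-Cookie: ASP.NET_SessionId=constructedvalue; path=/; HttpOnly\r\n"
           "\r\n"
           '<input type="hidden" name="__VIEWSTATE" value="constructed" />')
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html\r\n"
            "Set-Cookie: ASP.NET_SessionId=constructedvalue; path=/; HttpOnly\r\n"
            "\r\n"
            '<input type="hidden" name="__VIEWSTATE" value="constructed" />')

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT), ("hardened", HARDENED)):
        print(label, audit(raw))
```

An empty first list means the three headers are no longer sent; a non-empty second list is the fingerprint that header removal alone does not hide.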