Although it’s fairly obvious that a website is running asp.net (through session cookie and the viewstate) you may protect your server by removing a few response headers that advertise the iis and the asp.net version. The most common response headers you should remove are the following:
- X-Powered-By:ASP.NET
- X-AspNet-Version:*.*.*
- Server:Microsoft-IIS/*.*
