X-AspNet-Version header found

Rule from http under security category


When using ASP.NET, the framework injects the version it is running as a header in your response. This gives clients an overview of what version of ASP.NET the server might be running, which allows malicious users to easily search for security vulnerabilities affecting that version of ASP.NET.

It is recommended to disable this header to prevent leaking information that could aid an attacker.

How do I fix this?

In the web.config file at the root of your app, add the following:

<system.web>
<httpRuntime enableVersionHeader="false" />
</system.web>

To disable the version header added by ASP.NET MVC, add the following to Global.asax:

MvcHandler.DisableMvcResponseHeader = true;
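
To confirm the web.config change is in place, the following added example (not part of the original rule text or of Passmarked's code) parses a web.config and reports every scope where enableVersionHeader is not set to false. The function names, the sample configs and the `admin` location path are assumptions made for illustration; the check covers only the web.config setting, not the Global.asax line.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from a real application).
DEFAULT_CONFIG = """<configuration>
  <system.web>
    <httpRuntime targetFramework="4.8" />
  </system.web>
</configuration>"""

OVERRIDE_CONFIG = """<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <location path="admin">
    <system.web>
      <httpRuntime enableVersionHeader="true" />
    </system.web>
  </location>
</configuration>"""


def _local(tag):
    # Drop an XML namespace prefix: '{ns}httpRuntime' -> 'httpRuntime'.
    return tag.rsplit("}", 1)[-1]


def audit_version_header(web_config_xml):
    """Return (scope, problem) findings; an empty list means the header is off."""
    root = ET.fromstring(web_config_xml)
    # <system.web> may sit under <configuration> or inside <location> overrides.
    scopes = [("(root)", root)] + [
        (el.get("path", ""), el) for el in root if _local(el.tag) == "location"]
    findings = []
    for name, scope in scopes:
        values = [rt.get("enableVersionHeader")
                  for sw in scope if _local(sw.tag) == "system.web"
                  for rt in sw if _local(rt.tag) == "httpRuntime"]
        # Absent at the root means the framework default (true) applies.
        if scope is root and all(v is None for v in values):
            findings.append((name, "enableVersionHeader not set (defaults to true)"))
        # Any explicit value other than the literal "false" is reported.
        findings += [(name, f'enableVersionHeader="{v}"')
                     for v in values if v is not None and v != "false"]
    return findings


if __name__ == "__main__":
    for cfg in (DEFAULT_CONFIG, OVERRIDE_CONFIG):
        print(audit_version_header(cfg))
```
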
