X-aspnetmvc-version [NEW]

Technically, the header isn't required for the application to function. Historically, Microsoft included these "fingerprinting" headers for:

The X-AspNetMvc-Version header is a legacy artifact of the ASP.NET MVC framework. While it was intended to help with version tracking, in the modern web, it serves as an unnecessary beacon for attackers. By setting MvcHandler.DisableMvcResponseHeader = true , you practice , making it just a little bit harder for malicious actors to profile your infrastructure.

Modern security best practices dictate that this header should be removed or suppressed. It is considered "information leakage" that provides no benefit to the end-user and serves as a potential aid to malicious actors. x-aspnetmvc-version

protected void Application_Start() // Remove the X-AspNetMvc-Version header MvcHandler.DisableMvcResponseHeader = true; AreaRegistration.RegisterAllAreas(); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); Use code with caution. 2. Using Web.config (For other headers)

A nice and specific topic!

curl -I https://example.com | grep -i X-AspNetMvc

(Note: Method 3 does not always work for MVC-added headers; methods 1 or 2 are preferred.) Technically, the header isn't required for the application

Removing X-AspNetMvc-Version is a standard hardening procedure for ASP.NET applications. The method depends on the version of the framework being used: