I have a couple IIS/6.0 servers that security is asking me to remove a couple of response headers that are sent to client browsers on requests. They are concerned about divulging platform information through response headers. I have removed all the HTTP-HEADERS out of the IIS configuration for the website (X-Powered-By or some such header).
(I personally do know that this information can be easily found out, even if it is hidden, but it isn't my call.)
Headers I want to remove:
- Server - Microsoft-IIS/6.0
- X-AspNet-Version - 2.0.50727
I also know that ASP.NET MVC also emits its own header too, if you know how to remove it also, that would be helpful.
- X-AspNetMvc-Version - 1.0