In IIS, can I safely remove the X-Powered-By ASP.NET header?
Solution 1:
Add this to your web.config section
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
Solution 2:
This header (and a few other headers) is not required or used by modern browsers and can safely be removed from the web site configuration in IIS without consequence. Other server-side languages also tend to include a "Powered by..." header that can be safely removed. Here is another article that claims the same thing:
http://www.4guysfromrolla.com/articles/120209-1.aspx
[...]
The Server, X-Powered-By, X-AspNet-Version, and X-AspNetMvc-Version HTTP headers provide no direct benefit and unnecessarily chew up a small amount of bandwidth. Fortunately, these response headers can be removed with some configuration changes.
Solution 3:
Yes you can remove it,it will not affect anything. All x-headers are custom/non standard and informational only by definition. Browsers ignore them. The only thing it could affect is some kind of custom application that actually uses them for something e.g. a web crawler that gathers statistics on what technology is being used on what website might use the header to determine if a site uses asp.net. They don't actually do anything.