In IIS, can I safely remove the X-Powered-By ASP.NET header?

Solution 1:

Add this to your web.config section

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

Solution 2:

This header (and a few other headers) is not required or used by modern browsers and can safely be removed from the web site configuration in IIS without consequence. Other server-side languages also tend to include a "Powered by..." header that can be safely removed. Here is another article that claims the same thing:

http://www.4guysfromrolla.com/articles/120209-1.aspx

[...]

The Server, X-Powered-By, X-AspNet-Version, and X-AspNetMvc-Version HTTP headers provide no direct benefit and unnecessarily chew up a small amount of bandwidth. Fortunately, these response headers can be removed with some configuration changes.

Solution 3:

Yes you can remove it,it will not affect anything. All x-headers are custom/non standard and informational only by definition. Browsers ignore them. The only thing it could affect is some kind of custom application that actually uses them for something e.g. a web crawler that gathers statistics on what technology is being used on what website might use the header to determine if a site uses asp.net. They don't actually do anything.