In IIS, can I safely remove the X-Powered-By ASP.NET header?

Will this cause any harm? Does it serve any purpose other than tell browsers you have .net installed开发者_如何学Go?

I like this article about changing the header to Pure Evil. Genius!

http://www.iishacks.com/index.php/2009/11/11/remove-x-powered-by-aspnet-http-response-header/

Add this to your web.config section

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

This header (and a few other headers) is not required or used by modern browsers and can safely be removed from the web site configuration in IIS without consequence. Other server-side languages also tend to include a "Powered by..." header that can be safely removed. Here is another article that claims the same thing:

https://web.archive.org/web/20210506093425/http://www.4guysfromrolla.com/articles/120209-1.aspx

[...]

The Server, X-Powered-By, X-AspNet-Version, and X-AspNetMvc-Version HTTP headers provide no direct benefit and unnecessarily chew up a small amount of bandwidth. Fortunately, these response headers can be removed with some configuration changes.

Yes you can remove it,it will not affect anything. All x-headers are custom/non standard and informational only by definition. Browsers ignore them. The only thing it could affect is some kind of custom application that actually uses them for something e.g. a web crawler that gathers statistics on what technology is being used on what website might use the header to determine if a site uses asp.net. They don't actually do anything.

Yes you can remove it and it will give away less information to automated hacking tools and here you have a tutorial how to get a rid of Server, X-AspNet-Version, X-AspNetMvc-Version (if you use ASP.NET MVC) and X-Powered-By

http://arturito.net/2011/10/21/how-to-remove-server-x-aspnet-version-x-aspnetmvc-version-and-x-powered-by-from-the-response-header-in-iis7/