Configure your application to display generic error messages to users, rather than detailed ones that could provide valuable information to attackers.
The X-AspNet-Version HTTP response header is automatically added by IIS-hosted ASP.NET web applications to disclose the exact .NET Framework version (e.g., 4.0.3 ). While this behavior is intended to aid debugging, in production environments, it provides an unnecessary information disclosure that facilitates targeted attacks. This paper details the risks associated with exposing X-AspNet-Version: 4.0.3 , the specific vulnerabilities relevant to that version, and actionable mitigation strategies. x-aspnet-version 4.0.3 vulnerabilities
Removing X-AspNet-Version is for .NET 4.0.3. Because the framework itself is unsupported, you must: Configure your application to display generic error messages