Fix guide · low · aspnet_version_leak

X-AspNet-Version / X-AspNetMvc-Version headers exposed

What this rule means

ASP.NET version-disclosure headers are present in responses.

Why it matters

These headers reveal the .NET framework version, which makes the application's stack easy to fingerprint.

How to fix it

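In web.config (ASP.NET on .NET Framework):

<system.web>
  <!-- X-AspNet-Version is written by the ASP.NET runtime; switch it off at the source.
       If you already have an httpRuntime element, add the attribute to it. -->
  <httpRuntime enableVersionHeader="false"/>
</system.web>
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Drop the headers if they were added as IIS custom headers -->
      <remove name="X-AspNet-Version"/>
      <remove name="X-AspNetMvc-Version"/>
    </customHeaders>
  </httpProtocol>
</system.webServer>

X-AspNetMvc-Version is added by the MVC framework itself. To turn it off, set MvcHandler.DisableMvcResponseHeader = true; in Application_Start (Global.asax).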

For .NET 6+, turn off Kestrel's Server header in Program.cs: builder.WebHost.UseKestrel(o => o.AddServerHeader = false);
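To confirm the change took effect, paste a response head (for example the output of curl -sI against your own app) into a check like the one below. This is an added example, not part of the original guide or of vibecheck; the function names and the sample responses are constructed for illustration.

```python
# Added example: re-check a response head for the headers this rule covers.
VERSION_HEADERS = ("x-aspnet-version", "x-aspnetmvc-version")


def parse_head(raw_head):
    """Parse a raw HTTP/1.x response head into (name, value) pairs."""
    lines = raw_head.replace("\r\n", "\n").split("\n")
    pairs = []
    for line in lines[1:]:                  # lines[0] is the status line
        if not line:                        # blank line: head ends, body starts
            break
        if line[0] in " \t" and pairs:      # obsolete folded continuation line
            name, value = pairs[-1]
            pairs[-1] = (name, (value + " " + line.strip()).strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def find_disclosure_headers(raw_head):
    """Return 'Name: value' for each header that still identifies the stack."""
    findings = []
    for name, value in parse_head(raw_head):
        lowered = name.lower()              # header names are case-insensitive
        if lowered in VERSION_HEADERS:
            findings.append(f"{name}: {value}")
        elif lowered == "server" and "kestrel" in value.lower():
            findings.append(f"{name}: {value}")   # what AddServerHeader = false removes
    return findings


# Constructed sample responses (assumed values, not captured from a real server).
BEFORE_FIX = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "x-aspnetmvc-version: 5.2\r\n"
    "\r\n"
    "<html>...</html>"
)
AFTER_FIX = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
KESTREL_DEFAULT = "HTTP/1.1 200 OK\r\nServer: Kestrel\r\n\r\n"

if __name__ == "__main__":
    for label, head in (("before", BEFORE_FIX), ("after", AFTER_FIX),
                        ("kestrel", KESTREL_DEFAULT)):
        print(label, find_disclosure_headers(head) or "clean")
```

Only the response head is inspected, so the same strings appearing in a response body are not reported.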

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.
