January 22, 2009

Today, I came across this blog analyzing the new whitehouse.gov site prepared for the Obama administration. I’m not going to comment too much on the blog itself, but there was a section that I had never heard of before, so I thought I’d research it a little more.

The whitehouse.gov site uses ASP.NET 2.0. The HTTP header that identifies the software says “X-Aspnet-Version: 2.0.50727”. There is a way for this header to be removed, which saves about 30 bytes of bandwidth on every response. [Search for ‘X-Aspnet-Version’]

Now, 30 bytes on every request matters basically not at all. On a 56Kbps (Kilobits per second) dialup connection (not broadband, mind you), you’re transmitting about 7KBps (Kilobytes per second). At that speed, 30 bytes would take roughly .004 seconds. So yeah, it basically doesn’t matter at all. However, knowledge for the sake of knowledge is laudable, and besides, removing this information gives potential malicious users one less piece of information to use against you. The author doesn’t explain how to remove this HTTP header, but instead leaves it as an exercise for the reader, so I thought I’d figure out exactly how to do this.

Turns out, this is really easy. Simply modify your web.config file to specify that version headers should not be enabled, by setting this attribute on the httpRuntime element inside the <system.web> section, as shown here:

    <httpRuntime enableVersionHeader="false"/>

So yeah, quick and easy to do. Granted, it’s probably mostly pointless, but at least you know now, and knowing is half the battle.
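To confirm the change took effect, here is an added example (not from the original post or the blog it cites) that checks both sides: whether a web.config sets enableVersionHeader="false", and whether a raw HTTP response head still carries the X-AspNet-Version header. The function names and the sample config and responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

def config_disables_version_header(web_config_xml):
    """True only if every <httpRuntime> element sets enableVersionHeader="false"."""
    root = ET.fromstring(web_config_xml)
    # Compare local names so a default xmlns on <configuration> does not hide the element.
    runtimes = [el for el in root.iter()
                if isinstance(el.tag, str) and el.tag.rsplit("}", 1)[-1] == "httpRuntime"]
    if not runtimes:
        return False  # not set in this file, so assume the header is still enabled
    # Only the literal value "false" counts; anything else is reported for review.
    return all(el.get("enableVersionHeader") == "false" for el in runtimes)

def disclosed_version(raw_response_head):
    """Return the X-AspNet-Version value from a raw HTTP response head, else None."""
    lines = raw_response_head.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:  # lines[0] is the status line
        if not line:
            break  # blank line ends the header block; the body is never searched
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-aspnet-version":
            return value.strip()
    return None

# Constructed samples (not captured from any real site).
HARDENED_CONFIG = """<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="false"/>
  </system.web>
</configuration>"""
UNSET_CONFIG = ('<configuration><system.web>'
                '<compilation debug="false"/></system.web></configuration>')
RESPONSE_BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   "X-AspNet-Version: 2.0.50727\r\n\r\n<html>")
RESPONSE_AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  "X-AspNet-Version: in the body, not a header")

if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED_CONFIG), ("unset", UNSET_CONFIG)):
        print(label, "config disables header:", config_disables_version_header(cfg))
    for label, head in (("before", RESPONSE_BEFORE), ("after", RESPONSE_AFTER)):
        print(label, "response discloses:", disclosed_version(head))
```

The response-side check is the one to trust, since it reflects the header the server actually sends rather than what a single config file says.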


