ASP.NET X-Aspnet-Version

Letter X

The X-Aspnet-Version HTTP header can be removed. This optimizes an ASP.NET web application's bandwidth usage by a small amount. It potentially improves security. We look at this HTTP header in ASP.NET. We then review how you can remove it.


ASP.NET sends version information over on each response header. So when your browser requests an ASP.NET page, the server will inject these headers. Here are some example headers.

Example ASP.NET HTTP headers

X-Aspnet-Version: 2.0.50727
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
ASPNET web programming framework

X-Aspnet-Version. MSDN states "this attribute is used by Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites and can be disabled."

Practical uses. Only in a rare situation is the X-Aspnet-Version header useful. It certainly isn't useful to the tens of thousands of views of your site a day. So let us remove it.

Remove version header

On its technical documentation, Microsoft notes the <httpRuntime enableVersionHeader="false"/> tag you can put in Web.config. To do this, open your Web.config in Visual Studio and insert the httpRuntime tag as follows.

Web.config file: XML

<?xml version="1.0"?>

	<!-- reduces size of http response (removes x-aspnet-version) -->
	<httpRuntime enableVersionHeader="false" />

    <!-- More XML here. -->

Verify the results. No problem is solved until you verify your results in the deployed app. You should have Fiddler to see the HTTP requests, but I show Safari 3.1 here. It can view HTTP headers, as can Firebug.

Fiddler Tool for HTTP DebuggingHTTP header screenshot: Web Inspector

Results:The enableVersionHeader attribute in my apps removed around 29 bytes from each response from ASP.NET.

Question and answer

Should I bother with this? It depends what stage you are in on your project. If you are in heavy development and the program is not ready for tweaking, then this isn't important. However, many projects are basically being polished.

Tip:This saves bandwidth and is easy to do. If you send 10,000 responses a day, you will save almost 300 KB of bandwidth a day.

This section provides information

What's the most important here? This sort of investigation can help us learn the intricacies of ASP.NET. The improvement is small, but the general strategy of investigating every aspect of the framework is invaluable.

What doesn't work? Before writing this I tried to remove the three headers above with the Headers.Remove() method. That doesn't work, probably because ASP.NET or IIS7 add those headers after the user code is run.

So:In current versions, it is not helpful to call Response.Headers.Remove("X-Aspnet-Version").


Programming tip

We looked at how you can remove the X-Aspnet-Version header by changing the Web.config settings file in your web applications. I am certain that large sites such as the ones listed would be happy to save 29 bytes on every file they serve.

Tip:Remove X-Aspnet-Version with this simple option. Investigate every aspect of the .NET Framework you can find.

EnableVersionHeader: MSDN