Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver.
In IIS Manager, select your site and open HTTP Response Headers.
If X-Powered-By is listed, select it and click Remove in the Actions pane.
For ASP.NET, also remove the X-AspNet-Version header in web.config:
<system.web> <httpRuntime enableVersionHeader="false" /> </system.web>And suppress the X-Powered-By header:
<system.webServer> <httpProtocol> <customHeaders> <remove name="X-Powered-By" /> </customHeaders> </httpProtocol> </system.webServer>