Dot Net Perls

X-Aspnet-Version Header - ASP.NET

by Sam Allen

Problem

Optimize your ASP.NET web application's bandwidth usage by a small amount and potentially improve security. Remove wasted bytes sent by ASP.NET on each response. You want to easily remove the X-Aspnet-Version header.

Solution: ASP.NET

ASP.NET sends version information over on each response header. So when your browser requests an ASP.NET page, the server will inject these headers:

X-Aspnet-Version: 2.0.50727
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET

X-Aspnet-Version. MSDN states "this attribute is used by Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites and can be disabled."

Practical uses. Only in a very rare situation is the X-Aspnet-Version header useful. It certainly isn't useful to the tens of thousands of views of your site a day. So, let's remove it.

Remove version header

In the link above, Microsoft notes the <httpRuntime enableVersionHeader="false"/> tag you can put in Web.config. To do this, open your Web.config in Visual Studio and insert the httpRuntime tag as follows.

<?xml version="1.0"?>
<configuration>
    <configSections/>

    <system.web>
        <!-- reduces size of http response (removes x-aspnet-version) -->
        <httpRuntime enableVersionHeader="false" />

    <!-- etc. -->

Verify the results. No problem is solved until you verify your results in the deployed app. You should have Fiddler to see the HTTP requests, but I show Safari 3.1 here. It can view HTTP headers, as can Firebug.

My results. The enableVersionHeader attribute in my apps removed around 29 bytes from each response from ASP.NET. This includes every web page and non-static file.

Should I bother with this?

It depends what stage you are in on your project. If you are in heavy development and the program is not ready for tweaking, then this isn't important. However, many projects, including the biggest ones in the world, are basically being polished.

Great for polish. This saves bandwidth and is really easy to do. If you send 10,000 responses a day, you will save almost 300 KB of bandwidth a day.

What's the most important here?

This sort of investigation can help us learn the intricacies of ASP.NET. The improvement in our apps from this tiny change isn't huge, but the general strategy of investigating every aspect of the framework is invaluable.

What sites should use this trick?

Here's a list of sites I found that use the X-Aspnet-Version header for (probably) no advantage. Some of these are high-traffic and you will recognize them.

Sites using X-Aspnet-Version
http://www.microsoft.com/
http://www.myspace.com/
http://www.dell.com/
http://arstechnica.com/

What doesn't work?

Before writing this I tried to remove the three headers above with the Headers.Remove() method. That doesn't work, probably because ASP.NET or IIS7 add those headers after the user code is run. So don't try Response.Headers.Remove("X-Aspnet-Version");.

Summary

I am certain that large sites such as the ones listed would be happy to save 29 bytes on every file they serve. Remove X-Aspnet-Version with this simple option. Investigate every aspect of the .NET framework you can find, and read more on Dot Net Perls.

Dot Net Perls
About
Sitemap
Source code
RSS
ASP.NET
Page Load Event and AJAX
Custom ASHX Handler Tutorial
Cache Examples and Overview
System.Timers for ASP.NET Website Tutorial
HtmlTextWriter Use
Recent
Pi
NGEN Installer Class
List Element Equality
DateTime Tips and Tricks
Remove HTML Tags From String
© 2008 Sam Allen. All rights reserved.