Friday, November 13, 2015
IIS is, by default, a bit too damn chatty, which isn't what you want if you're trying to harden your server. You can check this with a site like SecurityHeaders.io [https://securityheaders.io/], which will review all your HTTP Headers for you.Why would I need to tell the world what ASP version, webserver, etc. that I'm using? Isn't this just helping potential attackers? Well, yes. How do you remove these headers, though?Server: ...