I added the last two lines to Web.config in response to wagging fingers from the asafaweb (https://asafaweb.com/) report on my site:
<system.web>
<compilation debug="false" targetFramework="4.0" />
<httpRuntime targetFramework="4.0" />
<httpRuntime enableVersionHeader="false" />
<customErrors mode="RemoteOnly" defaultRedirect="~/BooBoo" />
</system.web>
...but had to comment out the "enableVersionHeader" one because of a YSOD.
This is the info asafaweb gave me that caused me to want to make that addition:
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform: Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
I then combined the two "httpRuntime" lines into one:
<httpRuntime targetFramework="4.0" enableVersionHeader="false" />
...but asafaweb still gives me the same warning. So what's the problem?
Based on the link in the comment, I added this:
...to Web.config, but then I got this YSOD:
HTTP Error 500.19 - Internal Server Error The requested page cannot be accessed because the related configuration data for the page is invalid.
IIRC the "X-Powered-By" header is not left out because of enableVersionHeader (it's not a version header).
Take a look at this discussion: How to remove IIS/ASP.NET Response Headers