Our security team would like our .NET 2.0 website to appear generic to the user, not indicating any particular architecture. "ReturnURL" indicates an ASP.NET website. (Hiding .ASPX in the address bar is a related request.)
I have already figured out how to hide response headers. Not sure how to hide the things I mentioned above. Is it possible? Do I need to redesign the site?
Thanks for any advice.
I don't think you can change much in 2.0. Later versions have a thing called 'Friendly URLs' that make urls look like mvc urls, with no file extension. As others have said, changing these things won't really help with security.