Information
The x-powered-by headers may specify the underlying technology used by an application. Attackers are able to conduct reconnaissance on a website using these response headers. This header could be used to target attacks for specific known vulnerabilities associated with the underlying technology. Removing this header will prevent targeting of your application for specific exploits by non-determined attackers.
Rationale:
While this is not the only way to fingerprint a site through the response headers, it makes it harder and prevents some potential attackers.
Solution
Enter the following command in AppCmd.exe to configure:
%systemroot%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpProtocol /-'customHeaders.[name='X-Powered-By']' /commit:apphost
OR
Enter the following command in PowerShell to configure:
Remove-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.webserver/httpProtocol/customHeaders' -name '.' -AtElement @{name='XPowered-By'}