Click here to Skip to main content
15,939,853 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I'm evaluating a 3rd party website for a client. All the pages end in a .ASP extension (which I'm familiar with from the old days of Classic ASP). The response headers include a "X-Powered-By" value of ASP.Net, and the page content doesn't include the ASP.Net Webforms-specific hidden fields like __EVENTTARGET and __VIEWSTATE.

I'm assuming these are ASP.Net MVC pages, but is there a "fingerprint" that would confirm this?

What I have tried:

Reviewed raw http headers for requests to the site

1 solution

IIRC, the X-Powered-By header is added if ASP.NET is installed on the server; it doesn't tell you that the current page was actually generated by ASP.NET.

I don't think there's any realy way you can tell from the outside whether this is a "classic" ASP site, an ASP.NET WebForms site coded without server-side forms, an ASP.NET MVC site, or something else entirely. You'd need to look on the server itself to find out.
Share this answer
DerekT-P 7-Nov-23 12:18pm    
Thanks Richard; I suspected that might be the case! I'm aware just having ASP.Net installed includes that header. I was thrown by the ".asp" extension (indeed surprised to see it at all these days!). The site we're looking at "looks" modern and uses AJAX (which isn't incompatible with classic ASP of course) but just a bit concerned that under the hood it might be really ancient code...

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900