by mattmanser
4782 days ago
"this may be used by an attacker to identify sites that leak internal information"

But what does that even mean? We've already discussed below that thinking you can hide an ASP.NET MVC site is wishful thinking unless you totally strip out every identifying part of the framework client-side. There are so many ways I can think of, including the ones below, like the JS libraries, the CSRF style, the CSS style the validation uses, the wrapping of JSON responses in an object named d, etc. etc.

I even have vague recollections of coming across odd behaviours in IIS when it sends the allow-continue header in certain scenarios that no other webserver does. Though I can't remember the details now so might be wrong there.

I think you should stop classifying this as a vulnerability and just call it what it actually is, a misconfiguration.

I do like asafaweb, nice tool.