Add setting to disable "Server" header in responses
For security purposes, it would be useful to be able to easily disable the "Server" header that is sent by default in IIS HTTP responses so that the web server (IIS) and its version remain private.
Lex Li commented
@Anonymous, the other headers can be removed from IIS configuration file if you don't like them, https://docs.microsoft.com/en-us/iis/configuration/system.webserver/httpprotocol/customheaders/
This should also be the case for the other headers, such as X-AspNet-Version and X-Powered-By
It would be nice to have this option in previous version since companies won't immediately change to have IIS 10.
This is supposed in IIS 10: