///////////////////////// web.config
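<!-- IIS / ASP.NET hardening settings for web.config.
     The original listing declared <system.webServer> three times and <system.web>
     three times (one of them empty, one never closed) and broke attribute values
     across lines; IIS rejects a config file that repeats a section, so everything
     is merged here into one section of each kind under the usual <configuration>
     root.  When pasting into an existing web.config, merge into the sections that
     are already there instead of adding a second copy. -->
<configuration>

  <system.web>
    <!-- Cookies issued by ASP.NET itself get HttpOnly and Secure.  requireSSL also
         makes ASP.NET refuse to issue those cookies on a plain-HTTP request, so the
         site must be served over HTTPS for this to work.  Cookies set by other
         code paths are covered by the outbound rule further down. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- X-AspNet-Version is added by the ASP.NET pipeline, not by the customHeaders
         collection, so a customHeaders <remove> does not suppress it; this does. -->
    <httpRuntime enableVersionHeader="false" />

    <!-- Rendering-compatibility setting.  Not a security control; kept because the
         original listing had it (labelled "version compatibility"). -->
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />
  </system.web>

  <system.webServer>

    <httpProtocol>
      <customHeaders>
        <!-- <clear/> drops the headers inherited from applicationHost.config, which
             is where IIS's X-Powered-By entry normally lives.  The explicit <remove>
             lines below are kept for readability; after <clear/> they are no-ops. -->
        <clear />
        <remove name="Allow" />
        <!-- Note: this <remove> does NOT suppress the IIS "Server" response header;
             IIS writes it outside customHeaders.  The "Strip Headers" outbound rule
             below overwrites it (IIS 10 and later can alternatively use
             <requestFiltering removeServerHeader="true" />). -->
        <remove name="Server" />
        <remove name="X-Powered-By" />
        <remove name="X-AspNet-Version" />
        <!-- The original also removed "Cookie".  That is a request header, never
             present in the response collection, so the entry did nothing and is
             omitted here. -->

        <!-- Response headers added to every response. -->
        <!-- Refuse framing by any origin (clickjacking). -->
        <add name="X-Frame-Options" value="DENY" />
        <!-- Legacy header for old browser XSS auditors; current browsers no longer
             implement that auditor, so it adds little.  Kept as in the original. -->
        <add name="X-XSS-Protection" value="1; mode=block" />
        <!-- Stop MIME sniffing of responses. -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- HSTS for one year.  Browsers only honour it on an HTTPS response.
             includeSubDomains and preload are deliberate opt-ins not set here; add
             them only once every subdomain is served over HTTPS. -->
        <add name="Strict-Transport-Security" value="max-age=31536000" />
        <!-- Disable caching globally.  This also applies to static assets; scope it
             with a <location> element if cacheable content is served. -->
        <add name="Cache-Control" value="no-cache, no-store" />
        <add name="Pragma" value="no-cache" />
        <add name="Expires" value="-1" />
      </customHeaders>
    </httpProtocol>

    <!-- Both outbound rules need the IIS URL Rewrite module, which is a separate
         install and not present on a default IIS. -->
    <rewrite>
      <outboundRules>

        <!-- Overwrite the IIS "Server" header.  "ValueYouWant" is a placeholder from
             the original listing; replace it with the value you want to expose. -->
        <rule name="Strip Headers">
          <match serverVariable="RESPONSE_SERVER" pattern=".*" />
          <action type="Rewrite" value="ValueYouWant" replace="true" />
        </rule>

        <!-- Append "; secure" to any Set-Cookie header that lacks it.  The rule is
             gated by the "Unsecured cookie" precondition so an already-secure
             cookie is not modified twice.  SameSite is not handled here. -->
        <rule name="Use only secure cookies" preCondition="Unsecured cookie">
          <match serverVariable="RESPONSE_SET_COOKIE" pattern=".*" negate="false" />
          <action type="Rewrite" value="{R:0}; secure" />
        </rule>

        <preConditions>
          <!-- True when a Set-Cookie header is present and does not already
               contain "; secure" (URL Rewrite matches case-insensitively by
               default, so "; Secure" is also recognised). -->
          <preCondition name="Unsecured cookie">
            <add input="{RESPONSE_SET_COOKIE}" pattern="." />
            <add input="{RESPONSE_SET_COOKIE}" pattern="; secure" negate="true" />
          </preCondition>
        </preConditions>

      </outboundRules>
    </rewrite>

    <security>
      <requestFiltering>
        <!-- Reject the TRACE verb (cross-site tracing). -->
        <verbs>
          <add verb="TRACE" allowed="false" />
        </verbs>
      </requestFiltering>
    </security>

  </system.webServer>

</configuration>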