Why should I remove other HTTP headers like X-AspNet-Version, Public, and MicrosoftOfficeWebServer?
Certain Web servers betray their identity through other specific headers in their HTTP responses, added by application servers or other software programs known to be associated with a particular Web server. ServerMask will remove any header value from an IIS Web server response that you enter in the “Remove Headers” tab. By using this option liberally, you can obscure any non-functional HTTP header details that you like, reducing your attack surface in the process. We have also included many popular IIS-related headers that are removed by default in ServerMask. The X-Powered-By and X-AspNet-Version headers are obvious signs that you are running ASP.NET and therefore some flavor of IIS. Few popular Web servers send the Public header in response to OPTIONS requests (while almost all respond with the similar Allow header). The presence of Public is a good indication that you are connected to either an IIS box or Netscape Enterprise 3.6, so it should be masked. ServerMask can also mask the MicrosoftOf
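
To confirm that masking took effect, you can audit a captured response from your own server for the headers named in this FAQ. The script below is an added example, not part of ServerMask or the original page; the function names and both sample responses (including their header values) are constructed for illustration.

```python
# Added example: audit a captured HTTP response for identifying headers.
# Header names come from the FAQ text; reasons paraphrase it.
IDENTIFYING = {
    "x-powered-by": "signals ASP.NET, and therefore some flavor of IIS",
    "x-aspnet-version": "signals ASP.NET, and therefore some flavor of IIS",
    "public": "rarely sent outside IIS and Netscape Enterprise 3.6",
    "microsoftofficewebserver": "named in this FAQ as a header to mask",
}

def parse_headers(raw):
    """Return [(name, value)] from the head of a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:           # skip the status line
        if line[:1] in (" ", "\t") and headers:  # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def audit(raw):
    """Return [(name, value, reason)] for identifying headers still present."""
    findings = []
    for name, value in parse_headers(raw):
        reason = IDENTIFYING.get(name.lower())   # header names are case-insensitive
        if reason:
            findings.append((name, value, reason))
    return findings

# Constructed sample: OPTIONS response before masking.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n"
          "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
          "X-Powered-By: ASP.NET\r\n"
          "x-aspnet-version: 1.1.4322\r\n"
          "MicrosoftOfficeWebServer: 5.0_Pub\r\n"
          "Content-Length: 0\r\n\r\n")
# Constructed sample: the same response after the headers are removed.
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n"
         "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, [f"{n}: {v} ({why})" for n, v, why in audit(raw)])
```

Allow is deliberately not flagged, since almost all servers send it in response to OPTIONS.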