Cache-Control
must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0


Expires
0


options.FormFieldName
AntiforgeryFieldname


options.HeaderName
X-CSRF-TOKEN-HEADERNAME


Pragma
no-cache


Strict-Transport-Security
max-age=31536000; includeSubDomains; preload


X-Content-Type-Options
nosniff


X-Frame-Options
DENY


X-Powered-By
Remove


X-XSS-Protection
1; mode=block

< system.webServer>
	< httpProtocol>
		< customHeaders>
			< remove name="X-Powered-By" />
			< remove name="X-AspNet-Version" />
			< remove name="X-AspNetMvc-Version" />
		< / customHeaders>
	< / httpProtocol>

	< rewrite>
		< outboundRules>
			< rule name="Remove RESPONSE_Server" >
			< match serverVariable="RESPONSE_Server" pattern=".+" />
			< action type="Rewrite" value="EXAMSTEST Server" />
		
		< / outboundRules>
	< / rewrite>
< / system.webServer>

Final view in IIS Manager