Header 'RESPONSE_Server' overridden following the OWASP security best practice

Author: lorenzobruni

test/Web.config

@@ -11,6 +11,12 @@
                     <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
                 </rule>
             </rules>
+            <outboundRules>
+				<rule name="Hide Server Header">
+				  <match serverVariable="RESPONSE_Server" pattern=".+" />
+				  <action type="Rewrite" value="n/a" />
+				</rule>
+            </outboundRules>
         </rewrite>
     </system.webServer>
 </configuration>