IIS and ASP.NET applications generate responses with "X-" headers that may result in security alerts. These "X-" headers can be removed by installing an IIS plugin called "StripHeaders".
For more information, see https://www.dionach.com/blog/easily-remove-unwanted-http-headers-in-iis-7-0-to-8-5/.
To download the latest plugin release, click https://github.com/Dionach/StripHeaders/releases/tag/v1.0.5.