WS/WCF: Remove Server Header

Requirement: Need to suppress all instances of the HTTP ‘Server’ header from all HTTP responses including invalid requests that never even reach the application process. Why we need this: Exposing Server headers as part of response payload is security vulnerability documented under https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html section 14.38. Workaround for Self Host WCF Services: Set below registry flag…

0