How can I mask IIS7 server information without using ServerMask
I have a Windows 2008 server running IIS7. I would like to mask the server information from hackers and I am familiar with a tool called ServerMask: http://www.port80software.com/products/servermask/
I would like to know if server masking can be achieved natively by just using IIS7.
Microsoft IIS Web Server, Windows Server 2008
Last Comment
Aaron Tomosky
8/22/2022 - Mon
Aaron Tomosky
I use this in my default web.config:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <remove name="X-Powered-By" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
Shalom Carmel
I can fully understand when someone does not want to install additional software on sensitive servers, because of regulations, security or compliance.
In those cases I use a reverse proxy in front of the web server. There are commercial solutions like aiscaler, and open source solutions like Varnish, and CDN services like Fastly or Akamai.
A CDN service like those mentioned has the additional benefit of accelerating your entire application, but it is relevant only if the web site is public.
mike99c
ASKER
Thanks Aaron.
When I analyse my header information I also found the following, which would give away the fact that I have a Windows server:
Server Microsoft-IIS/7.5 This web server is running Microsoft-IIS/7.5
Set-Cookie ASPSESSIONIDQCRQBTQA=AKGLKIHACFFCKPBFFEBFLOOE; path=/ The web site is trying to set a cookie (per RFC2109), with the following information: ASPSESSIONIDQCRQBTQA=AKGLKIHACFFCKPBFFEBFLOOE; path=/
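Added example, not part of the original thread: a small Python check that lists which response headers and cookie names still identify the platform, run against a response before and after the X-Powered-By removal posted above. The sample responses, the cookie suffix and value, and the extra names (X-AspNet-Version, X-AspNetMvc-Version, ASP.NET_SessionId) are constructed assumptions, not values from the thread.

```python
import re

# Header names that reveal the server stack. Server and X-Powered-By come from
# the thread; X-AspNet-Version and X-AspNetMvc-Version are added assumptions.
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# Classic ASP session cookies are named ASPSESSIONID plus a random suffix;
# ASP.NET_SessionId is the ASP.NET default (added here, not from the thread).
DISCLOSING_COOKIES = re.compile(r"^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId)$")


def parse_headers(raw):
    """Return (name, value) pairs from a raw response head, skipping the status line."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def audit(raw):
    """List findings as (kind, name, value) for every disclosing header or cookie."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() in DISCLOSING_HEADERS:
            findings.append(("header", name, value))
        elif name.lower() == "set-cookie":
            # Only the cookie name matters here; the value is not reported.
            cookie_name = value.split(";", 1)[0].split("=", 1)[0].strip()
            if DISCLOSING_COOKIES.match(cookie_name):
                findings.append(("cookie", cookie_name, ""))
    return findings


# Constructed sample responses: before and after the X-Powered-By removal.
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDEXAMPLEAA=CONSTRUCTEDVALUE; path=/
"""
AFTER = BEFORE.replace("X-Powered-By: ASP.NET\n", "")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

The "after" result still lists the Server header and the ASPSESSIONID cookie, which matches what the asker saw once X-Powered-By was removed.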