You can remove HTTP headers to help secure your WRM site. To do so, steps will need to be taken on the server. These steps will vary depending on your version of IIS.
IIS 10
Edit both Web.Config files (UI and Core) to uncomment the following section:
IIS 8 & 8.5
Use Microsoft's UrlRewrite module as detailed in section 3 of the Remove Unwanted HTTP Response Headers article on the Microsoft website. This process is also detailed in the Remove Server Response Header IIS 8.0 / 8.5 thread on Stackoverflow
IIS 7.5
Use Microsoft's UrlScan as detailed in this article from Troy Hunt.