IIS puts "Server:Microsoft-IIS6" or something like this string into the returned header from server in http. that is somehow a security hole because a person who is interested in doing bad things or anything to some server its first rule for them to learn what are they dealing with.
so I needed to close this way. I made a research but its kinda old old old articles everywhere and not most of them useful. here is my solution. at the end these is source code included for Xmask I tried to change this server header to something else like "Server:Mascix" but it did not work I dunno why but at the end it cleaned what I wanted :)