there is little benefit in hiding the server details in the response details. It's still possible to determine the WebServer by profiling the responses. If you still want to do this you can disable the header by setting a registry key
I'd suggest that you're better off enabling SSL, disabling the insecure protocols and making sure the host is patched.
On that front be aware that there is a critical bug in HTTP.sys that was published this week. Patch Now!
https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 (Also works for QVWS)