I just pointed ID Serve from grc.com at some development stuff and I got the response below. I am web-publishing a server behind the ISA box. It looks like the ISA is not only telling me that it is publising something, but that it is also running IIS..... Not very good obscurity. Is there a way I can edit the HTTP headers on the ISA box to (1) make it not say who/what it is and (2) mask that it (or anything behind it) is IIS? Thanks. HTTP/1.1 200 OK Via: 1.1 ISADV1 Connection: close Proxy-Connection: close Content-Length: 146 Date: Sun, 03 Mar 2002 23:59:58 GMT Content-Location: http://dmz.com/index.html Content-Type: text/html Server: Microsoft-IIS/5.0 Accept-Ranges: bytes Last-Modified: Sat, 12 Jan 2002 18:42:47 GMT ETag: "cdf1e7ed989bc11:8c0" Query complete.