Your security department wants you to do this to make the server type harder to identify. This may lessen the barrage of automated hacking tools and make it more difficult for people to break into the server.
Within IIS, open the web site properties, then go to the HTTP Headers tab. Most of the X- headers can be found and removed here. This can be done for individual sites, or for the entire server (modify the properties for the Web Sites object in the tree).
For the Server header, on IIS6 you can use Microsoft's URLScan tool to remote that. Port 80 Software also makes a product called ServerMask that will take care of that, and a lot more, for you.
For IIS7 (and higher), you can use the URL Rewrite Module to rewrite the server header or blank it's value. In web.config (at a site or the server as a whole), add this content after the URL Rewrite Module has been installed:
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
You can put a custom value into the rewrite action if you'd like. This sample sourced from this article which also has other great information.
For the MVC header, in Global.asax:
MvcHandler.DisableMvcResponseHeader = true;
Edited 11-12-2019 to update the IIS7 info since the TechNet blog link was no longer valid.
You can't do this with the GoDaddy domain management tools, and I don't think you can from the server tools either. If you really want this feature, you can do it dynamically with ASP.Net by writing some code like this (assuming you have a default.aspx page):
<script runat="server">
private void Page_Load(object sender, System.EventArgs e)
{
if (Request.Url == "http://mysite.com")
{
Response.Status = "301 Moved Permanently";
Response.AddHeader("Location","http://www.mysite.com");
}
}
</script>
Best Answer
You'll want to use host headers in IIS
This will allow you host multiple websites on port 80, the default port for http.
DNS is used to tell the internet, where those sites are supposed to exist (the public facing ip address of your webserver). Host headers in IIS, tell that traffic, where to find the files to serve up on the webserver, for that host (which gets passed along in the traffic). You will also want to set index.php as the default page in IIS (I can't remember if it's there by default or not).