Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan

Question

I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as

Answer 1

Rolling up the previous answers from @giveme5minutes and @AKhooli as they relate to Azure Websites plus a few other items the scanner wants to see, these are the changes that I made to make ASafaWeb happy with an Azure site.

It still complains about the Azure affinity header cookie not being https only but affinity is the type of cookie you do want replayed anyway, right?