The IIS http.sys kernel driver intervenes to block possible malicious URLs, for example this URL https://domain.ext/%2E%2E%2fconsole.portal is blocked with issuing a 403 error (Forbidden URL).
Is it possible to somehow control the HTTP response headers issued by http.sys? At the moment the http.sys documentation states that you can only check the Server header https://docs.microsoft.com/en-us/troubleshoot/iis/httpsys-registry-windows
I'm currently using IIS10 on Windows Server 2019.