Since we're using SSL of course I was only able to see the headers, but I was wondering what could happen I we didn't use it. Could you imagine someone in that circumstances download CAIN?

Anyway, I see that the "**** storm" you meant was just a consequence of a missconfiguration (even if that config was exctracted from Microsoft docs), or better, if you build NLB clusters it's important you tune up the config. That's what I learned thank you and one day testing... If someone gets offended because my poor knowledge it's his/her bussiness, I don't really care...

I'm happy to see the issue solved and to see that NLB works really fine if you use and configure it properly