Remove unnecessary headers from http responses.

2018-03-17 14:43:01 +01:00
parent 130c20a30d
commit 8fe526089e
4 changed files with 42 additions and 1 deletions
--- a/VAR.Focus.Web/GlobalModule.cs
+++ b/VAR.Focus.Web/GlobalModule.cs
@@ -0,0 +1,27 @@
+using System;
+using System.Web;
+
+namespace VAR.Focus.Web
+{
+    public class GlobalModule : IHttpModule
+    {
+        public void Dispose() { }
+
+        public void Init(HttpApplication context)
+        {
+            context.PreSendRequestHeaders += Context_PreSendRequestHeaders;
+        }
+
+        private void Context_PreSendRequestHeaders(object sender, EventArgs e)
+        {
+            HttpContext ctx = HttpContext.Current;
+            if (ctx == null) { return; }
+
+            ctx.Response.Headers.Remove("Server");
+            ctx.Response.Headers.Remove("X-Powered-By");
+            ctx.Response.Headers.Add("X-Content-Type-Options", "nosniff");
+            ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
+            ctx.Response.Headers.Add("X-XSS-Protection", "1; mode=block");
+        }
+    }
+}