protected void OnContextPreSendRequestHeaders(object sender, EventArgs e) { if (System.Web.HttpContext.Current != null) { HttpResponse response = System.Web.HttpContext.Current.Response; if (response != null) { if (!ControlExtensions.IsBackend()) { var config = this.UserConfig; var path = System.Web.HttpContext.Current.Request.Url.AbsolutePath; string[] ignores = config.HttpHeaderModule.IgnorePaths.Split(','); //Validate path bool isOkay = true; foreach (var p in ignores) { if (path.StartsWith(p.Trim())) { isOkay = false; break; } } if (isOkay) //okay to process { NameValueCollection headers = response.Headers; if (headers != null) { if (config.HttpHeaderModule.XAspNetVersion) { headers.Remove("X-AspNet-Version"); } if (config.HttpHeaderModule.Server) { headers.Remove("Server"); } if (config.HttpHeaderModule.ETag) { headers.Remove("ETag"); } if (config.HttpHeaderModule.AddXFrameOptions) { headers.Add("X-Frame-Options", config.HttpHeaderModule.XFrameOptionsMode); } } } } } } }