Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Custom HTTP Module to sanitize SharePoint response header
using System;
using System.Text;
using System.Web;
namespace Custom.ServerModules
{
public class CustomHttpHeaderModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += OnPreSendRequestHeaders;
}
public void Dispose()
{
}
void OnPreSendRequestHeaders(object sender, EventArgs e)
{
TryRemoveResponseHeader("Server");
TryRemoveResponseHeader("X-AspNet-Version");
TryRemoveResponseHeader("X-SharePointHealthScore");
TryRemoveResponseHeader("SPRequestGuid");
TryRemoveResponseHeader("X-Powered-By");
TryRemoveResponseHeader("MicrosoftSharePointTeamServices");
TryRemoveResponseHeader("SPIisLatency");
TryRemoveResponseHeader("SPRequestDuration");
TryRemoveResponseHeader("X-MS-InvokeApp");
// Add header
HttpContext.Current.Response.AddHeader("X-Xss-Protection","1; mode=block");
}
private void TryRemoveResponseHeader(String header){
try {
var isExists = HttpContext.Current.Response.Headers[header] != null;
if(isExists)
HttpContext.Current.Response.Headers.Remove(header);
} catch{}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.