CORS header code for redirects in layout service

CorsHeaders.cs

HttpResponseBase response = filterContext.HttpContext.Response;
response.Headers["Access-Control-Allow-Origin"] = header;
if (string.IsNullOrWhiteSpace(response.Headers.Get("Access-Control-Allow-Headers")))
    response.AddHeader("Access-Control-Allow-Headers", "*");
if (string.IsNullOrWhiteSpace(response.Headers.Get("Access-Control-Allow-Credentials")))
    response.AddHeader("Access-Control-Allow-Credentials", "true");
if (string.IsNullOrWhiteSpace(response.Headers.Get("Access-Control-Allow-Credentials")))
    response.AddHeader("Access-Control-Expose-Headers", "ETag");
if (!string.IsNullOrWhiteSpace(response.Headers.Get("Access-Control-Max-Age")))
    return;
response.AddHeader("Access-Control-Max-Age", "10");