As security is getting more and more important these days, as if it wasn’t before… you probably add some response headers to add some extra security. Problem is, I find, that if you set them to strict or to easy, you will need a new deploy, if you manage them in your web.config.
There is a nice library called NWebsec that you can use to do it in code. But you will also need a deploy to change your settings.
Just remember to exclude the NWebsec assemblies from being scanned by EPiServer, as an error will be thrown.
<episerver.framework> ... <scanAssembly forceBinFolderScan="true"> <add assembly="*"/> <remove assembly="NWebsec" /> <remove assembly="NWebsec.Core" /> <remove assembly="NWebsec.Mvc" /> </scanAssembly> ... </episerver.framework>
One last thing, as the settings are loaded on start up, changing them will restart your website. Just so you know.