One useful feature that I wouldn't mind having is the possibility to define request filter rules that work on the response.
In particular the possibility to block pages that contain sensitive information.
In ModSecurity it is possible to do that with something like this:
SecRule RESPONSE_BODY "ODBC Error Code"
SecFilterSelective "ODBC Error Code" OUTPUT