Links may not function; however, this content may be relevant to outdated versions of the product.
Creating a custom application header
You can create a custom application header to improve the security of your application and protect it from client-based attacks. However, use caution with custom application headers because they might interfere with how the application operates. Be sure to test the application after implementing custom application headers.
- In the navigation panel, click .
- In the Setting Purpose field, click the Filter icon.
- In the Search Text field, enter http/responseHeaders and click Apply.
- Click the instance that contains the name.
- On the Settings tab, in the Value field, enter the header parameters in the format {"header name":"header value"}, or for multiple headers, {"header1 name":"header1 value","header2 name":"header2 value"}.
Following are some examples:
{"X-Content-Type-Options":"nosniff"}
{"X-XSS-Protection":"1; mode=block"}
{"Strict-Transport-Security":"max-age=31536000; includeSubDomains"}
{"X-Content-Type-Options":"nosniff", "X-XSS-Protection":"1; mode=block"}
You can add a Content-Security-Policy in a format such as {"Content-Security-Policy":"default-src 'self'"}, but best practice is to define content security policies as described in Securing your application with a content security policy.
Note: For browsers other than Internet Explorer, do not attempt to set a custom X-Frame-Options response header. The correct security setting to use instead is Content Security Policy. For more information, see Content security policies. If you use both X-Frame-Options and content security policy, be sure to test to verify that the options function as intended.
- Optional: To see an example configuration, click the History tab.
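A pre-check for the Value string before it is saved, added here as an example and not taken from the original page or the product. The function name check_header_setting and the sample strings are assumptions; the JSON-shape, CR/LF and max-age checks go beyond what the page states, while the X-Frame-Options and Content-Security-Policy findings follow the note above.

```python
import json
import re

# Header field names must consist of RFC 7230 "token" characters.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

class _Obj(list):
    """Parsed JSON object kept as (name, value) pairs so duplicate keys stay visible."""

def check_header_setting(value):
    """Validate a candidate Value string; return a list of findings (empty = clean)."""
    try:
        parsed = json.loads(value, object_pairs_hook=_Obj)
    except json.JSONDecodeError as exc:
        return [f"error: not valid JSON ({exc.msg})"]
    if not isinstance(parsed, _Obj):
        return ["error: value must be a single JSON object"]
    findings, seen = [], set()
    for name, val in parsed:
        lower = name.lower()
        if not TOKEN.fullmatch(name):
            findings.append(f"error: invalid header name {name!r}")
        if lower in seen:
            findings.append(f"error: duplicate header {name!r}")
        seen.add(lower)
        if not isinstance(val, str):
            findings.append(f"error: {name} value must be a string")
            continue
        if "\r" in val or "\n" in val:
            findings.append(f"error: {name} value contains CR/LF")
        if lower == "strict-transport-security" and not re.search(r'(?i)\bmax-age="?\d+', val):
            findings.append("error: Strict-Transport-Security needs max-age=<seconds>")
        if lower == "x-frame-options":
            findings.append("warn: X-Frame-Options set; use CSP instead for non-IE browsers")
        if lower == "content-security-policy":
            findings.append("note: CSP set as a custom header; prefer the CSP configuration")
    if {"x-frame-options", "content-security-policy"} <= seen:
        findings.append("warn: X-Frame-Options and CSP both set; test that both behave as intended")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    for s in (
        '{"X-Content-Type-Options":"nosniff", "X-XSS-Protection":"1; mode=block"}',
        '{"X-Content-Type-Options":"nosniff"} {"X-XSS-Protection":"1; mode=block"}',
        '{"X-Frame-Options":"DENY", "Content-Security-Policy":"default-src \'self\'"}',
        '{"X-Test":"a\\r\\nb"}',
    ):
        print(s, "->", check_header_setting(s) or "ok")
```

The second sample shows why two example objects cannot be pasted side by side: multiple headers must go in one JSON object.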