Creating a custom HTTP response header
You can create a custom application header to improve the security of your application and protect it from client-based attacks. However, use caution with custom application headers because they might interfere with how the application operates. Be sure to test the application after implementing them.
- In the navigation panel, click .
- In the Setting Purpose field, click the Filter icon.
- In the Search Text field, enter http/responseHeaders and click Apply.
- Click the instance that contains the name.
- On the Settings tab, in the Value field, enter the header parameters in the format: {"header name":"header value"}, or for multiple headers, {"header1 name":"header1 value","header2 name":"header2 value"}.
  Following are some examples:
  {"X-Content-Type-Options":"nosniff"}
  {"X-XSS-Protection":"1; mode=block"}
  {"Strict-Transport-Security":"max-age=31536000; includeSubDomains"}
  {"X-Content-Type-Options":"nosniff", "X-XSS-Protection":"1; mode=block"}
  You can add a Content-Security-Policy in a format such as {"Content-Security-Policy":"default-src 'self'"}, but best practice is to define content security policies as described in Securing your application with a content security policy.
- Optional: To see an example configuration, click the History tab.
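A value can be checked before it is pasted into the Value field. The following is an added example, not part of the product or its documentation: it assumes the setting is read as standard JSON, and the function name check_header_setting is hypothetical. It flags malformed JSON (including several example objects pasted together), duplicate header names, non-string values, line breaks in a value, and a Strict-Transport-Security value with no max-age.

```python
import json
import re

# Characters RFC 7230 allows in a header field name ("token").
_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")

def _no_duplicates(pairs):
    # json.loads would silently keep only the last of two duplicate keys.
    seen = {}
    for name, value in pairs:
        if name.lower() in seen:
            raise ValueError(f"duplicate header name: {name}")
        seen[name.lower()] = (name, value)
    return dict(seen.values())

def check_header_setting(raw):
    """Return a list of problems in a {"header name":"header value"} string."""
    try:
        headers = json.loads(raw, object_pairs_hook=_no_duplicates)
    except ValueError as exc:  # also covers json.JSONDecodeError
        return [f"not a valid setting value: {exc}"]
    if not isinstance(headers, dict) or not headers:
        return ["value must be a non-empty JSON object"]
    problems = []
    for name, value in headers.items():
        if not _TOKEN.fullmatch(name):
            problems.append(f"{name!r}: not a valid header name")
        if not isinstance(value, str):
            problems.append(f"{name}: value must be a JSON string")
        elif re.search(r"[\r\n\x00]", value):
            problems.append(f"{name}: CR, LF or NUL in value")
        elif (name.lower() == "strict-transport-security"
              and not re.search(r"max-age=\d+", value, re.I)):
            problems.append(f"{name}: max-age directive is required")
    return problems

if __name__ == "__main__":
    # Constructed sample values, modelled on the formats shown above.
    samples = [
        '{"X-Content-Type-Options":"nosniff", "X-XSS-Protection":"1; mode=block"}',
        '{"X-Content-Type-Options":"nosniff"} {"X-XSS-Protection":"1; mode=block"}',
        '{"Strict-Transport-Security":"includeSubDomains"}',
    ]
    for s in samples:
        print(s, "->", check_header_setting(s) or "ok")
```

An empty list means the value passed these checks; it does not replace testing the application after the header is in place.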