You can create a custom application header to improve the security of your application to protect it from client-based attacks. However, use caution when using custom application headers because they might interfere with how the application operates. Be sure to test the application after implementing custom application headers.
-
In the navigation panel, click .
-
In the Setting Purpose field, click the
Filter icon.
-
In the Search Text field, enter
http/responseHeaders and click
Apply.
-
Click the instance that contains the name.
-
On the Settings tab, in the Value field,
enter the header parameter in one of the following formats.
- Single value headers: {"header name1":"header value","header
name2":"header value"}.
- Multiple values headers: {"header name1":"header value1, header value2,
header value3","header name2":"header value"}.
Note: Do not attempt to set a custom X-Frame-Options response header. The correct security
setting to use instead is Content Security Policy. For more information, see
Content security policies.
- Optional:
To see an example configuration, click the History tab.