Creating a custom application header

You can create a custom application header to improve the security of your application to protect it from client-based attacks. However, use caution when using custom application headers because they might interfere with how the application operates. Be sure to test the application after implementing custom application headers.

  1. In the Explorer panel, click Records > SysAdmin > Dynamic System Settings.
  2. In the Setting Purpose field, click the Filter icon.
  3. In the Search Text field, enter http/responseHeaders and click Apply.
  4. Click the instance that contains the name.
  5. On the Settings tab, in the Value field, enter the header parameter in one f the following formats.
    • Single value headers: {"header name1":"header value","header name2":"header value"}.
    • Multiple values headers: {"header name1":"header value1, header value2, header value3","header name2":"header value"}.
      Header name Header parameter
      X-Frame-Options Value=Deny
      If you set this parameter for all your pages, keep in mind that these pages cannot be embedded in a page from a different site.
      Value=Allow from uri
      X-XSS-Protection mode=block
      HTTP Strict-Transport-Security Value=max-age=expireTime
      Content-Security-Policy Value=default-src 'self'
  6. Optional: To see an example configuration, click the History tab.