ADDH:param ... add http response headers.
For connections that terminate at the Application Gateway, e.g. manage, status, web, logon, OTP.
param is a list of http response headers or names of groups. The groups must be special groups where the names start with "H_".
The entries must be separated by |, e.g.
ADDH:"X-Frame-Options: DENY|X-Content-Type-Options: nosniff"
ADDH:H_1
A group can contain multiple response headers (each in a separate line, field IPranges).
Example: GroupName;IPranges ;Comment ;eMail
H_1 ;X-Frame-Options: DENY ;HTTP Headers ;
;X-Content-Type-Options: nosniff ; ;
;Content-Security-Policy: script-src 'self' ; ;
;Strict-Transport-Security: max-age=31536000 \s includeSubDomains ; ;
Notes:
- In the groups file field IPranges any semicolon ";" must be masked using "\s".
- Any backslash "\" must be masked using "\\".
- When using the web interface to modify groups a semicolon and a backslash must be entered directly without masking.
- http headers containing a semicolon must be entered via a group because currently routing table entries do not allow additional semicolons.
For http header definition see also Web Security, HTTP headers and Content Security Policy.
Secure Transport Security can be set also using the keyword HSTS.