Fortify

How to modify headers

Overview

We're using Fortify to set a pair of response headers by extending a wildcard configuration with a route configuration. The demo page prints the response headers for you to see.

We're also enforcing HTTPS on all routes. Insecure HTTP requests are upgraded to HTTPS and insecure data requests (POST, etc) receive a 403.

Additional Notes

Fortify can add or delete any request or response headers including important security headers like CSP, HSTS, and CORS. Use Fortify to compose complex configurations and secure your website without modifying your source code!

<  Previous Tutorial  |  Next Tutorial  >

Step 1

Configure and install Fortify.

This demo uses Fortify to set up a complex, route-based configuration.

Route Configuration

Configuration Notes

Global headers that get applied to all networkchimp.com pages

Route URL

*networkchimp.com*

Response Headers

global-header: its-delicious

Enforce HTTPS

true

Configuration Notes

A response header for just the demo page

Route URL

www.networkchimp.com/fortify-demo

Response Headers

demo-header: and-nutritious

Step 2

Your requests are Fortified!

Once installed, navigate to your site and inspect the relevant HTTP headers. Check it out in the browser below. Fortify extends the global wildcard configuration to set both headers on our demo page.

Click on the http link http://www.networkchimp.com or send a POST http://www.networkchimp.com/fortify-demo request to see HTTPS enforcement in action.

https://networkchimp.fun/fortify-demo

Install Fortify