How to modify headers
We're using Fortify to set a pair of response headers by extending a wildcard configuration with a route configuration. The demo page prints the response headers for you to see.
We're also enforcing HTTPS on all routes. Insecure HTTP requests are upgraded to HTTPS and insecure data requests (POST, etc) receive a 403.
Fortify can add or delete any request or response headers including important security headers like CSP, HSTS, and CORS. Use Fortify to compose complex configurations and secure your website without modifying your source code!
In the configuration below, Fortify will attach a
global-header to every response and a
page-header in responses to requests made to www.networkchimp.fun/fortify-demo.
Once installed, navigate to your site and inspect the relevant HTTP headers. Check it out in the browser below. Fortify extends the global wildcard configuration to set both headers on our demo page.
Click on the
or send a
POST http://www.networkchimp.fun/fortify-demo request to
see HTTPS enforcement in action.