Fortify
How to modify headers
Overview
We're using Fortify to set a pair of response headers by extending a wildcard configuration with a route configuration. The demo page prints the response headers for you to see.
We're also enforcing HTTPS on all routes. Insecure HTTP requests are upgraded to HTTPS and insecure data requests (POST, etc) receive a 403.
Additional Notes
Fortify can add or delete any request or response headers including important security headers like CSP, HSTS, and CORS. Use Fortify to compose complex configurations and secure your website without modifying your source code!
In the configuration below, Fortify will attach a global-header
to every response and a page-header
in responses to requests made to www.networkchimp.fun/fortify-demo.
Once installed, navigate to your site and inspect the relevant HTTP headers. Check it out in the browser below. Fortify extends the global wildcard configuration to set both headers on our demo page.
Click on the
http
link
http://www.networkchimp.fun
or send a
POST http://www.networkchimp.fun/fortify-demo
request to
see HTTPS enforcement in action.