LogoLogo
  • ShieldsGuard - User Guide
  • Installation Steps
    • Shields Guard Installation
    • Shields Guard SEG Installation
  • Getting Started
    • 1. General Welcome and Site Management Panel
    • 2. Overview
      • 2.1 Today's Data
      • 2.2 Country Statistics
      • 2.3 URL Statistics
      • 2.4 IP Statistics
      • 2.5 HTTP Status Statistics
    • 3. Protection
      • 3.1 DDoS Protection
        • 3.1.1 Google Recaptcha Setup
        • 3.1.2 Friendly Captcha Setup
      • 3.2 WAF – Web Application Firewall
    • 4. Security Rules
      • 4.1 BlackList & WhiteList
      • 4.2 User Agent Filtering
      • 4.3 Query String Filtering
      • 4.4 HTTP Header Filtering
      • 4.5 Block POST Values
      • 4.6 Custom Headers
      • 4.7 Block URL Requests
      • 4.8 URL Path Blocking
      • 4.9 Encrypt Path
      • 4.10 Remove Request Value
      • 4.11 Exclude Directories from Protection
    • 5. Logs
      • 5.1 Access Log
      • 5.2 Security Log
    • 6. Asset Management
      • 6.1 Asset Management
      • 6.2 Network Topology
      • 6.3 Vulnerability Scan
    • 7. Access
  • 8. DNS
  • 9. SSL
  • 10. Subdomain Manage
  • 11. Edit Page
  • ShieldsGuard SEG
    • 1. SEG Dashboard
    • 2. Reporting
    • 3. Analyzed
      • 3.1 Files
      • 3.2 URL
      • 3.3 Mail
      • 3.4 Domain
    • 4. Mail Settings
      • 4.1 File
      • 4.2 Mail Body
      • 4.3 Sender Domain
Powered by GitBook
On this page
Export as PDF
  1. Getting Started
  2. 4. Security Rules

4.6 Custom Headers

📘 Overview

The Custom Headers module allows you to define and inject HTTP response headers into all responses served by your ShieldsGuard-protected site. This is useful for improving security, enhancing privacy, and customizing browser behavior — without modifying your application code.

🛠️ How It Works

You define:

  • Header Variable Name – The name of the HTTP response header (e.g., X-Frame-Options, X-Powered-By, X-XSS-Protection)

  • Header Variable Content – The value of that header (e.g., DENY, nosniff, or any string)

Once created, this header will be automatically included in every HTTP response.

⚙️ How to Add a Custom Header

  1. Navigate to Security Rules > Custom Response Headers

  2. Click Create Header Variable

  3. Fill in:

    • Header Variable Name: the header key you want to define

    • Header Variable Content: the value you want to send

  4. Click Create Variable

  5. The header is now injected into all HTTP responses globally

📋 Example Use Cases

  • Add X-Content-Type-Options: nosniff to prevent MIME-type sniffing

  • Add X-Frame-Options: DENY to block clickjacking

  • Add X-Powered-By: ShieldsGuard to override default server info

🔐 Why It Matters

HTTP response headers allow you to:

  • Reduce browser-based attack surfaces

  • Hide unnecessary backend information

  • Enforce client-side behavior securely

This feature helps maintain a secure-by-default posture.

🎯 With just a few clicks, you can set custom headers across your entire site — no coding required.

Previous4.5 Block POST ValuesNext4.7 Block URL Requests

Last updated 9 days ago