# 4.6 Custom Headers

#### 📘 Overview

The **Custom Headers** module allows you to define and inject HTTP response headers into all responses served by your ShieldsGuard-protected site.\
This is useful for improving security, enhancing privacy, and customizing browser behavior — without modifying your application code.

***

#### 🛠️ How It Works

You define:

* **Header Variable Name** – The name of the HTTP response header (e.g., `X-Frame-Options`, `X-Powered-By`, `X-XSS-Protection`)
* **Header Variable Content** – The value of that header (e.g., `DENY`, `nosniff`, or any string)

Once created, this header will be **automatically included in every HTTP response**.

***

#### ⚙️ How to Add a Custom Header

1. Navigate to **Security Rules > Custom Response Headers**
2. Click **Create Header Variable**
3. Fill in:
   * `Header Variable Name`: the header key you want to define
   * `Header Variable Content`: the value you want to send
4. Click **Create Variable**
5. The header is now injected into all HTTP responses globally

<figure><img src="/files/V22QcFo5knkvloUKCBqN" alt=""><figcaption></figcaption></figure>

***

#### 📋 Example Use Cases

* Add `X-Content-Type-Options: nosniff` to prevent MIME-type sniffing
* Add `X-Frame-Options: DENY` to block clickjacking
* Add `X-Powered-By: ShieldsGuard` to override default server info

***

#### 🔐 Why It Matters

HTTP response headers allow you to:

* Reduce browser-based attack surfaces
* Hide unnecessary backend information
* Enforce client-side behavior securely

This feature helps maintain a **secure-by-default** posture.

***

🎯 **With just a few clicks, you can set custom headers across your entire site — no coding required.**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.shieldsguard.com/getting-started/4.-security-rules/4.6-custom-headers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.