4.6 Custom Headers

📘 Overview

The Custom Headers module allows you to define and inject HTTP response headers into all responses served by your ShieldsGuard-protected site. This is useful for improving security, enhancing privacy, and customizing browser behavior — without modifying your application code.

🛠️ How It Works

You define:

• Header Variable Name – The name of the HTTP response header (e.g., X-Frame-Options, X-Powered-By, X-XSS-Protection)

• Header Variable Content – The value of that header (e.g., DENY, nosniff, or any string)

Once created, this header will be automatically included in every HTTP response.

⚙️ How to Add a Custom Header

1. Navigate to Security Rules > Custom Response Headers

2. Click Create Header Variable

3. Fill in:

   • Header Variable Name: the header key you want to define

   • Header Variable Content: the value you want to send

4. Click Create Variable

5. The header is now injected into all HTTP responses globally

📋 Example Use Cases

• Add X-Content-Type-Options: nosniff to prevent MIME-type sniffing

• Add X-Frame-Options: DENY to block clickjacking

• Add X-Powered-By: ShieldsGuard to override default server info

🔐 Why It Matters

HTTP response headers allow you to:

• Reduce browser-based attack surfaces

• Hide unnecessary backend information

• Enforce client-side behavior securely

This feature helps maintain a secure-by-default posture.

🎯 With just a few clicks, you can set custom headers across your entire site — no coding required.