Adding an HTTP Header

You are here
Adding an HTTP Header

Navigation

To get to the Header settings first click on the Security Settings link, as shown below.

security settings link
Security settings link

Header Section

Near the top of the page will be the Add Header section, as shown below.

Add headers to MCS

Add Preset Header

To add a preset header simply click on the drop down menu, choose the header required, and click the Add Header button. The header will appear in the list above. To save the change scroll down to the bottom of the page and click Save Changes.

Add preset headers to MCS

Alter a Preset

Headers can have a variety of options. So, if a preset header needs a tweak before adding simply select it from the drop down menu and click the Edit button (which will appear when selected). The preset header will then appear in a text field and can be edited. Once the edits have been made click the Add Header buton. Remember to save changes.

edit a header preset in mcs

Add a custom header

To add a completely custom header simply choose Custom from the drop down menu. A text field will appear to enter the header. Once the header has been entered click the Add Header buton. Remember to save changes.

custom a header in mcs

Preset Header Dictionary

Content Security Policy | Content-Security-Policy: default-src 'self'

Content Security Policy (CSP) is a security standard introduced to help prevent cross-site scripting (XSS) and other content injection attacks. It achieves this by restricting the sources of content loaded by the user agent to those only allowed by the site operator.

Enable Secure | Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

The HTTP Strict Transport Security (HSTS) header states that your website must only be accessed over the HTTPS protocol.

X Content Type | X-Content-Type-Options: nosniff

The X-Content-Type-Options header is used to protect against MIME sniffing vulnerabilities. These vulnerabilities can occur when a website allows users to upload content to a website however the user disguises a particular file type as something else. This can give them the opportunity to perform cross-site scripting and compromise the website.

XSS Protection | X-XSS-Protection HTTP: 1; mode=block

The x-xss-protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers. This is usually enabled by default, but using it will enforce it.