Adding Custom HTTP Headers to an IIS Installation
  • 12 Nov 2021

Overview 

Administrators may wish to add custom HTTP Headers to their environment as a way of passing additional information through a server. Doing so allows Administrators to add further security parameters to their environments.

Use Case
Passing additional security requirements via HTTP Headers into a Decisions environment can help prevent issues such as click-jacking or accidental script runs.

In contrast to the method of adding tags to Settings.xml (for Self Hosted environments), custom HTTP Headers can be added to an IIS installation in one of two ways:

  • Editing the web.config file 
  • Via IIS Manager

The following document demonstrates how to add custom HTTP Headers to IIS Decisions environments. 

Additional Resources
For a list of common HTTP Headers and their functions, see HTTP headers - HTTP | MDN.

Example A: IIS Manager 

To add custom HTTP Headers to an IIS Installation via IIS Manager:

  1. From the Local File System, open Internet Information Services (IIS) Manager by locating it and selecting Run as administrator.
  2. Navigate to the IIS Installation via the Connections Tree on the left. Then under the IIS category, select HTTP Response Headers and click Open Feature.
  3. From the HTTP Response Headers page, from the Actions menu on the right, select Add...
  4. From the Add Custom HTTP Response Header window, provide a Name and desired Value for one of the Headers below, then click OK. Repeat this process for each desired Header.
    Additional Information
    Provide the following Name and Value combinations. For Values shown as "[Desired Value]" below, see the previously linked HTTP Headers document for potential options:

    Name                      Value
    X-Frame-Options           SAMEORIGIN
    X-XSS-Protection          [Desired Value]
    X-Content-Type-Options    [Desired Value]


  5. Restart the Decisions environment.

Example B: web.config 

To add custom HTTP Headers in an IIS installation via web.config: 

  1. From the Local File System, navigate to C:\Program Files\Decisions\Decisions Server
  2. Open web.config in a Text Editor
  3. Before the closing </configuration> tag, add the following code block.
    Additional Information
    For parameters below where the Value is displayed as "VALUE", provide the desired Value. See the previously linked HTTP Headers document for more information on possible configurations. 
    <CustomHeaders>
      <CustomHeader>
        <Name>X-Frame-Options</Name>
        <Value>SAMEORIGIN</Value>
      </CustomHeader>
      <CustomHeader>
        <Name>X-XSS-Protection</Name>
        <Value>VALUE</Value>
      </CustomHeader>
      <CustomHeader>
        <Name>X-Content-Type-Options</Name>
        <Value>VALUE</Value>
      </CustomHeader>
    </CustomHeaders>

  4. Save and close the web.config file. 

  5. Restart the Decisions environment.
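
After the restart in either example, it is worth confirming that the headers are actually present in responses. The following PowerShell is an added example, not part of the original article or of Decisions: the function name Test-SecurityHeaders, the sample response and the URL in the commented live check are assumptions made for illustration.

```powershell
# Added example: audit a response's headers against the names configured above.
# The article leaves X-XSS-Protection and X-Content-Type-Options as
# "[Desired Value]", so only their presence is checked here.
$Expected = [ordered]@{
    'X-Frame-Options'        = 'SAMEORIGIN'   # value given in the article
    'X-XSS-Protection'       = $null          # presence only
    'X-Content-Type-Options' = $null          # presence only
}

function Test-SecurityHeaders {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Headers,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    foreach ($name in $Expected.Keys) {
        # Header names are case-insensitive, so match keys without regard to case.
        $key = $Headers.Keys | Where-Object { $_ -ieq $name } | Select-Object -First 1
        # A header may carry several values; flatten them to one string.
        $actual = if ($key) { $Headers[$key] -join ', ' } else { $null }
        $want = $Expected[$name]
        $status = if (-not $key) { 'MISSING' } elseif ($want -and ($actual -ine $want)) { 'MISMATCH' } else { 'OK' }
        [pscustomobject]@{
            Header   = $name
            Status   = $status
            Actual   = $actual
            Expected = $want
        }
    }
}

# Constructed sample: a response in which one of the three headers was never added.
$sample = @{
    'x-frame-options'        = 'SAMEORIGIN'
    'X-Content-Type-Options' = 'nosniff'
}
Test-SecurityHeaders -Headers $sample -Expected $Expected | Format-Table -AutoSize

# Live check against a running environment (placeholder URL, replace with your own):
# $r = Invoke-WebRequest -Uri 'https://decisions.example.test/' -UseBasicParsing
# Test-SecurityHeaders -Headers $r.Headers -Expected $Expected
```

A MISSING row after a restart usually means the header was added to a different site or file than the one serving the request.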
