Adding Custom HTTP Headers to a Decisions Installation
  • 24 Jul 2024
  • 1 Minute to read
  • Dark
    Light

Adding Custom HTTP Headers to a Decisions Installation

  • Dark
    Light

Article summary

Overview

As a method of passing additional information through a server, Administrators may wish to add custom HTTP Headers to their environment. In doing so, users may add additional security parameters and authentication measures to their environments.

Use Case
Passing additional security requirements via HTTP Headers into a Decisions environment can help prevent issues such as click-jacking or accidental script runs. 

As the method of adding HTTP Headers to a v7 Installation is the same, regardless of Installation type (ie. Self-Hosted or IIS), the following document demonstrates how to add custom HTTP Headers to a Decisions Installation. 

Additional Resources 
For a list of common HTTP Headers and their functions, see HTTP headers - HTTP | MDN.

Example

To add custom HTTP Headers to a Self-Hosted or IIS Installation:

  1. From the Local File System, navigate to C:\Program Files\Decisions\Decisions Server
  2. Open Settings.xml with the desired Text Editor
  3. Before the closing </Settings>tag, add the following code snippet:
    <CustomHeaders><CustomHeader> 
    <Name>X-Frame-Options</Name> 
    <Value>SAMEORIGIN</Value> 
    </CustomHeader> 
    <CustomHeader> 
    <Name>X-XSS-Protection</Name> 
    <Value>VALUE</Value> 
    </CustomHeader> 
    <CustomHeader> 
    <Name>X-Content-Type-Options</Name> <Value>VALUE</Value> </CustomHeader> </CustomHeaders>

  4. Save and close the Settings file.

  5. Restart the Decisions environment. 

Was this article helpful?