How to modify headers


We're using Fortify to set a pair of response headers by extending a wildcard configuration with a route configuration. The demo page prints the response headers for you to see.

We're also enforcing HTTPS on all routes. Insecure HTTP requests are upgraded to HTTPS and insecure data requests (POST, etc) receive a 403.

Additional Notes

Fortify can add or delete any request or response headers including important security headers like CSP, HSTS, and CORS. Use Fortify to compose complex configurations and secure your website without modifying your source code!

Step 1
Configure and install Fortify.

In the configuration below, Fortify will attach a global-header to every response and a page-header in responses to requests made to

Route Configuration

Configuration Notes
Global headers that get applied to all pages
Route URL
Response Headers
global-header: its-delicious
Enforce HTTPS
Configuration Notes
A response header for just the demo page
Route URL
Response Headers
page-header: and-nutritious
Step 2
Your requests are Fortified!

Once installed, navigate to your site and inspect the relevant HTTP headers. Check it out in the browser below. Fortify extends the global wildcard configuration to set both headers on our demo page.

Click on the http link or send a POST request to see HTTPS enforcement in action.