Understand SaaS Custom Headers
Understand the custom HTTP headers you will use before you create HTTP Header Insertion Rules for your Palo Alto Networks® firewall.
Before you begin, make sure you understand the custom HTTP headers you will use with the SaaS application you are managing. You need to understand what you can accomplish with these headers and the information you need to specify to accomplish your goals.
Be aware that SaaS applications that use custom headers do not always use them to control access to types of accounts. For example, Palo Alto Networks® provides predefined support for YouTube custom headers that determine whether network users can access restricted content.
You should also read the documentation specific to the SaaS application to which you want to control access so that you understand the headers you need to use for that application.
The following table lists the headers that you can use for the SaaS applications for which Palo Alto Networks provides predefined support; each header also includes a link to more information specific to that header.
For More Information
You can allow access to sanctioned Enterprise Dropbox accounts. This header's value is the business account's team ID, which you can obtain from the network control section of the Dropbox admin console. You must also enable this functionality from the same location.
For details on managing this header, as well as how to enable your Dropbox clients so that you can decrypt their traffic, contact your Dropbox account representative.
Google G Suite
You can allow access to specific Google accounts from your domain. The values that you give to this header are your domain and subdomains.
Microsoft Office 365
Restrict-Access-To-Tenantswith a list of tenants you want to allow your users to access. You can use any domain that is registered with a tenant to identify the tenant in this list.
Restrict-Access-Contextwith the directory ID that is setting the tenant restriction. You can find your directory ID in the Azure portal. Sign in as an administrator, select
Azure Active Directory, then select
Use HTTP Headers to Manage SaaS Application Access
Use Palo Alto Networks® firewall URL profiles to insert custom headers into HTTP requests so that you can control access to differing versions of web ...
Domains used by the Predefined SaaS Application Types
List of domains you use for header insertion rules when using predefined HTTP header insertion rules. ...
HTTP Header Insertion and Modification
Use Palo Alto Networks® firewall URL profiles to insert HTTP headers and values into HTTP requests so that you can control access to differing versions ...
Create HTTP Header Insertion Entries using Predefined Types
You can create HTTP Header Insertion rules based on types that are predefined by Palo Alto Networks® for popular SaaS applications. ...
App-ID enables you to see the applications on your network and learn how they work, their behavioral characteristics, and their relative risk. ...
Create Custom HTTP Header Insertion Entries
Create custom HTTP Header Insertion rules for your Palo Alto Networks® firewall. ...
App-ID To safely enable applications on your network, the Palo Alto Networks next-generation firewalls provide both an application and web perspective—App-ID and URL Filtering—to protect ...
Application Whitelist Example
Application Whitelist Example Keep in mind that you do not need to capture every application that might be in use on your network in your ...