HTTP Header Insertion

To enable the firewall to manage web application access by inserting HTTP headers and their values into HTTP requests, select ObjectsSecurity ProfilesURL FilteringHTTP Header Insertion
You can create insertion entries based on a predefined HTTP header insertion type or you can create your own custom type. Header insertion is typically performed for custom HTTP headers but you can also insert standard HTTP headers.
Header insertion occurs when:
  1. An HTTP request matches a security policy rule with one or more configured HTTP header insertion entries.
  2. A specified domain matches the one found in the HTTP Host header.
  3. The Action is anything other than Block.
The firewall can perform HTTP header insertion only for the GET, POST, PUT, and HEAD methods.
If you enable HTTP header insertion and the identified header is missing from a request, the firewall inserts the header. If the identified header already exists in the request, then the firewall overwrites the header values with the values that you specify.
Add an insertion entry or select an existing insertion entry to modify it. When needed, you can also select an insertion entry and then Delete it.
The default block list action for a new HTTP header insertion entry is Block. If you want a different action, go to URL Filtering Overrides and select the appropriate action. Alternatively, add the insertion entry to a profile that is configured with the desired action.
HTTP Header Insertion Settings
Description
Name
The name for this HTTP header insertion entry.
Type
The type of entry you want to create. Entries can either be predefined or custom. Predefined entries are populated and maintained using content updates.
Domains
Header insertion occurs when a domain in this list matches the Host header of the HTTP request.
If you are creating a predefined entry, the domain list is predefined in a content update. This is sufficient for most use cases but you can add or delete domains as needed.
To create a custom entry, Add at least one domain to this list.
Each domain name can be up to 256 characters and you can identify a maximum of 50 domains for each entry. Wildcards (for example, *.example.com) are allowed.
Headers
When you create a predefined entry, the Header list is pre-populated by a content update. This is sufficient for most use cases but you can add or delete headers as needed.
When you create a custom entry, add one or more headers (up to a total of five) to this list .
Header names can have up to 100 characters but cannot include spaces.
Header Value
(Required) The header value is dependent on whether you are enabling or disabling access to the specified web application and what that web application requires for you to achieve your goal. This value can be a maximum of 512 characters.
Log
Select Log to enable logging of this header insertion entry.

Related Documentation