Enable HTTP response headers configuration

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:1分

    • Reduce the risk of cookie/session-related hijacking of web apps using a system property.

    If glide.http.headers_config.enabled isn’t set to true, then response header configurations defined in the HTTP Response Headers [sys_response_header] table aren’t used. Security related HTTP response headers include Content Security Policy, which aids in XSS-related protections. For details on HTTP response headers, see HTTP Response Headers.

    Verify that the property glide.http.headers_config.enabled is set to true.

    More information

    Attribute Description
    Configuration name glide.http.headers_config.enabled
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value true
    Fallback value true
    Category Session management
    Security risk
    • Severity score: 5.5
    • CVSS score: Medium
    • Security Risk: The security risks of missing, incorrect, or weak HTTP response headers may allow for XSS, CSRF, and cookie/session related hijacking of web apps.
    Dependencies and prerequisites None