Configure application headers
An application configuration file can define headers specific to the application or service.
You can customize the header information sent in a HTTP request in a number of ways. You can set custom headers by coding them in your Genero application, or you can add customized HTTP headers to the application or service configuration.
Request headers in the application or service configuration can be useful for passing additional information in the request. One use case would be to add special authentication information, such as tokens, to the headers of HTTP requests.
- The
HEADER (Common)
element defined in the GAS configuration file (as.xcf). HTTP headers defined here are common to all applications. - The
HEADER (Dedicated)
element defined in the application configuration file.
A typical use case for common HTTP headers sets the HTTP Strict Transport Security (HSTS) headers that comply with Open Web Application Security Project (OWASP) recommendations. These headers would apply to all applications; the best practice recommendation is to set them in the GAS configuration file.
If you need to add additional headers on a per application or service basis, you can set these
with a dedicated HEADER
tag in the HTTP
element of the application
configuration file. The GAS adds these headers to
every HTTP request to the application or service URL, in addition to the common headers.
In requests to the GAS where the application URL is not used, the common headers are always sent; however, the GAS does not send the dedicated headers. Examples of such requests include requests for public resources, such as images (/ua/i), and reports (/ua/report/).