The "HTTPAdditionalRespHeader" notes.ini setting enables a custom HTTP response header when using the Web Configuration view
Certain issues may require a custom HTTP header to be added to responses from a Domino Web server.
If the Domino server is using internet site documents, a rule can be created on a Web site document of the type "Custom HTTP Headers".
However, when a Domino Web server is configured through the server document instead of through internet site documents, it is not possible to create a Web rule document for custom HTTP headers.
Domino allows the HTTP Web server to take its configuration either from Internet site (Web site) documents or from the server document. When the server document is used, Domino logs "HTTP Server: Using Web Configuration View" at startup.
Resolving The Problem
A new setting has been introduced in Domino 9.0.1 Fix Pack 6 through SPR MKIN9WMUYH. This notes.ini setting allows a single custom HTTP response header to be enabled on a server without requiring the use of internet site documents.
Starting with Domino 9.0.1 Fix Pack 6, the notes.ini setting "HTTPAdditionalRespHeader" can be used to tell Domino to add an additional HTTP response header to all responses from the Domino Web server.
To set an additional response header using HTTPAdditionalRespHeader, enter the header field name of the response header, followed by a colon and a space, and then the value of the response header.
1. Set a "no-cache" header on all server responses
2. Prohibit a cross-site scripting (XSS) vulnerability by prohibiting frames that do not come from the same page.
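The following check is an added example, not IBM's code: it reads the setting from notes.ini text, validates the "name, colon, space, value" form described above, and confirms that captured response headers carry the header on every response. The function names, the sample notes.ini content, the sample paths and headers, and the case-insensitive match on the setting name are assumptions made for illustration.

```python
import re

SETTING = "httpadditionalrespheader"
# RFC 7230 "token" characters allowed in a header field name
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def read_setting(notes_ini_text):
    """Return every value assigned to HTTPAdditionalRespHeader in notes.ini text."""
    values = []
    for line in notes_ini_text.splitlines():
        key, sep, value = line.partition("=")
        # Assumption: the setting name is matched case-insensitively.
        if sep and key.strip().lower() == SETTING:
            values.append(value.strip())
    return values

def parse_header(value):
    """Split 'Name: value' (name, colon, space, value) and validate both parts."""
    name, sep, field_value = value.partition(": ")
    if not sep or not TOKEN.match(name):
        raise ValueError(f"not in 'Name: value' form: {value!r}")
    if not field_value.strip() or re.search(r"[\r\n\x00]", field_value):
        raise ValueError(f"empty or unsafe header value: {value!r}")
    return name, field_value.strip()

def audit(notes_ini_text, responses):
    """List problems: bad setting, or responses missing the configured header."""
    values = read_setting(notes_ini_text)
    if len(values) != 1:  # the setting carries a single custom header
        return [f"expected exactly one HTTPAdditionalRespHeader line, found {len(values)}"]
    try:
        name, expected = parse_header(values[0])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for url, headers in responses.items():
        got = {k.lower(): v for k, v in headers}.get(name.lower())
        if got != expected:
            problems.append(f"{url}: {name} is {got!r}, expected {expected!r}")
    return problems

# Constructed sample input (not from the page)
SAMPLE_INI = "[Notes]\nHTTPAdditionalRespHeader=X-Frame-Options: SAMEORIGIN\n"
SAMPLE_RESPONSES = {
    "/app.nsf": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "/static/logo.gif": [("Content-Type", "image/gif")],
}

if __name__ == "__main__":
    for problem in audit(SAMPLE_INI, SAMPLE_RESPONSES):
        print(problem)
```

In practice the response headers would be collected from the server after an HTTP task restart, sampling both database and static URLs, since the setting is meant to apply to all responses.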
Related information
Does Domino Web server use the X-Frame-Options header?
Component: Web Server
Software version: 8.5.3, 9.0.1
Operating system(s): AIX, IBM i, Linux, Windows
Software edition: All Editions
Reference #: 1962324
Modified date: 05 September 2018