This feature sets security headers on the AMS/AGS Jetty server.
Providing custom values for the default headers adds security headers to the server's HTTP responses.
API Management Server
Configuring Default Headers in eStudio Profile Manager
To set secure headers in the HTTP response, perform the following actions in eStudio after stopping the AMS:
- Open the AMS profile from the Profile Management perspective.
- Go to APIManager > Fiorano > APIManager > APIJetty > APIManagerJetty and provide the following value in the DefaultHeaders property:
- Save the profile (CTRL+S) and start the AMS server.
Testing the response in Fiorano Dashboard
To confirm whether the settings are applied to the server configuration, perform the following actions in Fiorano Dashboard:
- Log in to Fiorano API Dashboard (http://localhost:1981/apimgmt).
- Perform an action (like clicking the API Projects tab) that invokes a request.
- Open browser developer tools (CTRL+SHIFT+I) and refresh the page or click on any tab.
- In the Network tab of the browser developer tool, click the name corresponding to the request made (here, apiProjectEvents).
API Gateway Server
Configuring Default Headers in eStudio Profile Manager
To set secure headers in the HTTP response, perform the following actions in eStudio after stopping the AGS:
- Open the AGS profile from the Profile Management perspective.
- Go to APIGATEWAY > Fiorano > APIGateway > APIGatewayManager > APIGatewayManager and provide the following value in the DefaultResponseHeaders property:
- Save the profile (CTRL+S) and start the AGS server.
Testing the response in Fiorano Dashboard
To confirm whether the settings are applied to the server configuration, perform the following actions in Fiorano Dashboard:
- Log in to Fiorano API Dashboard (http://localhost:1981/apimgmt).
- Perform an action (like clicking the API Projects tab) that invokes a request.
- Open browser developer tools (CTRL+SHIFT+I) and refresh the page or click on any tab.
- In the Network tab of the browser developer tool, click the name corresponding to the request made (here, apiProjectEvents).
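The same response-header check can be scripted so it is repeatable after every profile change. The following is an added example, not Fiorano code: the header names and values in `EXPECTED` are constructed placeholders (the configured property value is not reproduced on this page), and `fetch_headers` and `audit_headers` are hypothetical helper names.

```python
import sys
import urllib.error
import urllib.request

# Constructed sample values: replace with the header names and values you
# actually entered in the DefaultHeaders / DefaultResponseHeaders property.
EXPECTED = {
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
}


def fetch_headers(url, timeout=5):
    """GET url and return its response headers as (name, value) pairs."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.getheaders()
    except urllib.error.HTTPError as err:
        # 4xx/5xx responses carry headers too, so audit them as well.
        return list(err.headers.items())


def audit_headers(expected, actual):
    """Compare configured headers with the headers of one response.

    Names are matched case-insensitively and values are trimmed.
    Returns {header name: problem}; an empty dict means all headers match.
    """
    seen = {}
    for name, value in actual:
        seen.setdefault(name.lower(), []).append(value.strip())
    problems = {}
    for name, want in expected.items():
        got = seen.get(name.lower())
        if got is None:
            problems[name] = "missing"
        elif len(got) > 1:
            problems[name] = "duplicated: %r" % (got,)
        elif got[0] != want.strip():
            problems[name] = "expected %r, got %r" % (want, got[0])
    return problems


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:1981/apimgmt"
    issues = audit_headers(EXPECTED, fetch_headers(url))
    for name, problem in issues.items():
        print(f"{name}: {problem}")
    sys.exit(1 if issues else 0)
```

The script exits non-zero when a configured header is missing, duplicated, or carries a different value, which makes it usable as a post-restart check.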