Notes.ini Entry


Name:
    HTTPAdditionalRespHeader

Syntax
    HTTPAdditionalRespHeader=Text

Applies to:
    Servers

Add-on:

    First Release:
      9.0.1

    Obsolete since:

      Category:
        Web, HTTP, Cache

      Default:
        None

      UI equivalent:
        None

      Description:
      Technote (troubleshooting)

      Certain issues may require a custom HTTP header to be added to responses from a Domino Web server.
      If the Domino server is using internet site documents, a rule can be created on a Web site document of the type "Custom HTTP Headers".
      However, when a Domino Web server is configured through the server document instead of through internet site documents, it is not possible to create a Web rule document for custom HTTP headers.

      Environment
      Domino allows the HTTP Web server to be configured to use Internet site (Web site) documents for its configuration, or to use the server document for its configuration. When the Server document is used, Domino will log at start up " HTTP Server: Using Web Configuration View"

      Resolving the problem
      A new setting has been introduced in Domino 9.0.1 Fix Pack 6 through SPR MKIN9WMUYH. This notes.ini will allow a single custom HTTP response header to be enabled on a server without requiring the use of internet site documents.
      Starting with Domino 901FP6, the notes.ini setting "HTTPAdditionalRespHeader" can be used to tell Domino to add an additional HTTP response header to all responses from the Domino Web server.
      To set an additional response header using HTTPAdditionalRespHeader, enter the header field name of the response header, followed by a colon and a space, and then the value of the response header.

      Examples:
      1. Set a "no-cache" header on all server responses
      HTTPAdditionalRespHeader=Cache-control: no-cache

      2. Prohibit a cross-site scripting (XSS) vulnerability by prohibiting frames that do not come from the same page.
      HTTPAdditionalRespHeader=X-Frame-Options: SAMEORIGIN

      MKIN9WMUYH (LO85291) - This fix allows a user to add a custom response header in the web server by setting notes.ini: HTTPAdditionalRespHeader=<text>; Example: HTTPAdditionalRespHeader=Cache-control: no-cache. (technote 1962324)