We're using Fortify to set a pair of response headers by extending a wildcard configuration with a route configuration. The demo page prints the response headers for you to see.
We're also enforcing HTTPS on all routes. Insecure HTTP requests are upgraded to HTTPS and insecure data requests (POST, etc) receive a 403.
Fortify can set any request or response headers including important security headers like CSP, HSTS, and CORS. Use Fortify to compose complex configurations and secure your website without modifying your source code!
This demo uses Fortify on the Pro plan to set up a complex, route-based configuration.
Once installed, navigate to your site and inspect the relevant HTTP headers. Check it out in the browser below. Fortify extends the global wildcard configuration to set both headers on our demo page.
Click on the
http://www.networkchimp.com or send a
POST http://www.networkchimp.com/fortify-demo request to see HTTPS enforcement in action.