How to add additional response headers in Qlik Sense

Andre_Sostizzo · Mar 4, 2024 6:46:41 AM

In Qlik Sense, an administrator may want to add additional HTTP headers to the Qlik Sense Proxy. This article will outline how to add those additional HTTP headers.

An example is the commonly deployed X-Frame-Options to prevent Clickjacking, or headers meant to prevent cross-site-scripting.

How to add additional headers

Inspect the Response Headers in the Hub for a specific Virtual Proxy to see what values are already present:

In this example, we are using Chrome's Developer Tools. All browsers include Developer Tools but Chrome's tends to be the most robust. You can access the browser's Developer's Tools by pressing F12. You may need to refresh the page to see a capture. Refer to online documentation for the browser of choice for insight into how to use its Developer Tools.
Add the additional response headers in the Qlik Sense Management Console:
1. Open Virtual Proxies
2. Click Edit on your Proxy
3. Open the Advanced options (right hand side)
4. Locate Additional Response Headers
  
  Note that the expected format is Header: option1;option2
  
  If there are multiple headers which need to be added, then each header needs to be on a new line in the expected format:

Looking to automate? Review the Qlik Open AI specifications for VirtualProxyConfig: additionalResponseHeaders

Additional considerations

Be sure to research additional headers and understand the consequences of adding them to Qlik Sense. Some headers may have a large impact to a deployment; example: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
These headers are applied on a per virtual proxy basis. So be sure to apply any needed changes to all relevant virtual proxies.

priya2 · ‎2021-01-12

Hi,

Can you please help in adding the content security policy header.

rajarl · ‎2024-02-27

How to add the Additional Response Headers automatically by system?

I mean in our application - the .net installer is silently installing the qlik sense as part of our application installation and after the successful install we like to update the Additional Response Headers or while installation of qlik sense we like to update the Additional Response Headers. please do the needful

Sonja_Bauernfeind · ‎2024-03-01

Hello @rajarl

I'd recommend posting this question with your requirements (and versions) in the Qlik Sense Deployment forum.

All the best,
Sonja

rajarl · ‎2024-03-01

I got the answer @

Solved: Re: Update Virtual Proxy thru API - Qlik Community - 2424475

Sonja_Bauernfeind · ‎2024-03-04

Thank you for looping back with this, @rajarl !

All the best,
Sonja

nilesh007 · ‎2025-01-02

Hi Community,

In Qlik sense enterprise, according to VAPT report there are some missing security headers which needs to be implemented. We are facing issue while adding the below security header in the virtual proxy.
--> Content-Security-Policy: default-src 'self'
After implementing it we are unable to access qlik getting black/grey screen.

Articles followed:

https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-Enterprise-on-Windows-Securing-an....

How to determine string policy for Content Securit... - Qlik Community - 1715491

How to add additional response headers in Qlik Sense