Skip to main content
Jeff Matson
  • Updated

Setting Response Headers in Atomic

For additional security, you may want to add additional response headers, such as Content Security Policy or Access Control headers. These additional headers can help browsers protect you and your WordPress site's visitors from cross site scripting attacks by restricting where your content is allowed to be loaded from.

In this article, we'll show you how to set your own response headers from inside Atomic.

  1. Start by logging into the Atomic control panel.
  2. Inside the left side menu, click on Apps.

    Screenshot: click on Apps
  3. Next, locate the app where you want to define your response headers, then click on the settings icon to the right of the app's name.

    Screenshot: click on the settings icon from the app list
  4. Since these changes are going to be made at the ARES gateway level, navigate to the ARES tab.

    Screenshot: navigate to the ARES tab
  5. Inside the ARES tab, access the Headers section.

    Screenshot: click on the Headers section
  6. To add a new response header, click on the New Response Headers Rule button.

    Screenshot: new response headers rule button
  7. A new area will appear that will let you configure your response header rule. The first field is the Select Path field, which will allow you to set the path that the rule will apply to.

    For the purposes of this example, we're going to apply this rule to all directories within the site, so we'll set the path as a single forward slash.

    Screenshot: headers path field
  8. Optionally, you can also set file extensions that this rule will apply to. You may either select pre-defined extensions from our list or enter in your own if it's not already listed.

    For the purposes of this article, we're not going to select any specific extensions, which will apply the rule to all locations.

    Screenshot: headers extensions settings
  9. Next, you'll just need to set up the response headers that you want to use by toggling them on and selecting the applicable settings.

    For example, we've selected the Access-Control-Allow-Origin header and set it to Self, which will restrict the loading of assets from the same site that's being visited.

    Screenshot: header settings to include
  10. After your options are selected, don't forget to click on the Save button to create your response header rule.

    Screenshot: save button for header rule
  11. When your rules are created and you're ready to make them active on your site, click on the Deploy Changes button.

    Screenshot: click on the Deploy Changes button

As with any other changes to your WordPress site, be sure to look through your site for any issues. You never know when your changes might cause unintended results.

If you have any questions about setting response headers, always feel free to reach out to our support team. They're happy to help you to achieve your goals.

Related articles