Components

HTTP Header Rule

Declarative Headers, Delivered Automatically

The HTTP Header Rule component allows you to define custom HTTP headers, such as security, caching, or CORS rules, directly within your content. These rules are automatically applied during deployment, ensuring proper behavior and protection for your web project without needing manual setup or code intervention.

Define powerful browser-level protections and performance tweaks through structured content. Whether you need strict security headers or flexible delivery settings, Vertex Forge ensures your headers are cleanly managed and always up to date.

Security & Control Made Simple

  1. Enforce Best Practices.
    Add industry-standard security headers.

  2. Seamless Integration.
    No scripts, config files, or server file edits.

  3. Granular Targeting.
    Apply rules to any route or pattern.

Fully Automated Deployment

  1. Content-Driven Configuration.
    Headers live inside content folders.

  2. Multiple Rules, One Source.
    Apply layered headers to the same URL.

  3. Picked up automatically during build.
    No extra deployment steps required.

Use Cases

HTTP headers are a crucial part of any high-quality web delivery strategy, helping secure your content, improve performance, and control behavior.

The HTTP Header Rule component eliminates the need for technical overhead or complex infrastructure changes by enabling you to manage headers, such as content.

Some common use cases include:

  • Enforcing XSS, clickjacking, and MIME sniffing protections.

  • Applying Content Security Policy (CSP) for script and resource controls.

  • Defining Strict-Transport-Security (HSTS) to enforce HTTPS.

  • Managing CORS headers for API access.

  • Controlling cache behavior with Cache-Control or custom headers.

  • Targeting specific paths like /blog/* or /assets/* with individual headers.

This component is ideal for teams that require flexibility and security, without relying on DevOps to manually maintain header files or server configurations.

Configuration Options & Features

The HTTP Header Rule component provides complete control over browser-level behavior through structured, content-managed configurations. It’s built for performance-focused, security-conscious teams who want more control with less complexity.

No guesswork. No infrastructure fumbling. Just rules that work, applied exactly where and how you need them.

Secure. Deploy. Repeat, all within Vertex Forge.

URL

Defines which path or resource the rule applies to. The URL value can be a direct path (e.g., /blog/post-1) or a pattern (/blog/*) to use headers on multiple routes.

Examples:

  • "/" applies to the homepage

  • "/assets/*" applies to all asset routes.

  • "/admin/*" applies headers to admin-only content.

This allows you to control the scope of your rules precisely.

Rules

A list of one or more header entries to apply. Each rule includes a name and a value that are used as a header for the URL associated with it.

Examples would be

  • X-XSS-Protection: 1; mode=block  

  • X-Frame-Options: DENY  

  • X-Content-Type-Options: nosniff

You can stack as many rules as needed per URL target, making it easy to combine security headers with performance or policy headers and manage them easily and conveniently.

Name

The HTTP header name must match exactly what you’d expect in a browser or server response.

Examples:

  • X-XSS-Protection

  • X-Frame-Options

  • Strict-Transport-Security

  • Content-Security-Policy

Value

The value associated with that header defines what behavior or restriction is enforced.

Examples:

  • 1; mode=block

  • DENY

  • max-age=63072000; includeSubDomains; preload

  • default-src * data: 'unsafe-eval' 'unsafe-inline'