Add Custom HTTP Headers to SharePoint Responses

Something that can be useful to configure for SharePoint web-applications is extra HTTP headers to the page responses. This post is about the best way of configuring this for SharePoint specifically.

There are many reasons you might want to add HTTP headers (normally it’s not necessary though); I stumbled on one example recently where one SharePoint application needed POST to another on another domain which needed headers adding for so cross-origin resource sharing (CORS) would work.

Anyway, the best way of configuring whatever headers you want is by harnessing SPWebConfigModification, and there’s already some great documentation on this API already. In short though there’s a collection of these stored against every SharePoint web-application object in the farm and the idea is SharePoint automatically deploys your modifications for you via this interface.

This is particularly useful because it’s a centralised way of making you’re your configuration is always in sync across the farm; web-front-ends can come & go; new application zones can be added and your own changes will always be present.

Relevant ASP.Net Configuration for Custom HTTP Headers

We want to add this to the configuration:





    <add name="X-Custom-Name" value="MyCustomValue" />





There’s a nice article about this IIS configuration here if you want to know more. What we want to do is get SharePoint to add this configuration for us via a script.

Example Script to add Custom HTTP Headers

This will add a header “X-Header-Property” with value “X-Header-Value” to all web.config files for the web-application “https://15”. Note, this won’t add it twice (which the API will accept) – hence the “if” block below. Anyway:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp = Get-SPWebApplication https://sp15/

$configPath = "configuration/system.webServer/httpProtocol/customHeaders"

# Define header Access-Control-Allow-Origin

$configModAccessControl = New-Object Microsoft.SharePoint.Administration.SPWebConfigModification

$configModAccessControl.Path = $configPath

$configModAccessControl.Name = "add[@name='X-Header-Property'][@value='X-Header-Value']"

$configModAccessControl.Value = "<add name='X-Header-Property' value='X-Header-Value' />"

$configModAccessControl.Sequence = 0

$configModAccessControl.Owner = ""

$configModAccessControl.Type = 0

# Add headers to SPWebApplication modifications?

    if (($webapp.WebConfigModifications | where-object { $_.Name -eq $configModAccessControl.Name } | measure).Count -eq 0) {

    Write-Host "Adding " $configModAccessControl.Name



else {

    Write-Host $configModAccessControl.Name added. skipping.



$webApp.WebConfigModifications #Print modifications

# Apply modifications (uncomment to apply)

# $webApp.Parent.ApplyWebConfigModifications()

Applying Modification Changes to Existing web.config Files

The last line is deliberately commented because running this will refresh all WFE web.config files, and by doing so cause an app-pool recycle. Use with caution!


This is just a short one; hopefully someone will find this helpful!


Sam Betts