---
title: Adding custom HTTP response headers
description: The PingFederate administrative console and runtime server are capable of returning custom HTTP response headers, such as HTTP Strict-Transport-Security (HSTS), to enforce HTTPS-based access and P3P.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_adding_custom_of_http_headers
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_adding_custom_of_http_headers.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  steps: Steps
---

# Adding custom HTTP response headers

The PingFederate administrative console and runtime server are capable of returning custom HTTP response headers, such as HTTP Strict-Transport-Security (HSTS), to enforce HTTPS-based access and P3P.

## Steps

1. Edit the `response-header-admin-config.xml` file or the `response-header-runtime-config.xml` file, or both, located in the `<pf_install>/pingfederate/server/default/data/config-store` directory.

2. Save your changes.

3. Restart PingFederate.

   For a clustered PingFederate environment, perform these steps on the console node, and then click **Replicate Configuration** on **System > Server > Cluster Management**.