HTTP Header Insertion and Modification

Use Palo Alto Networks® firewall URL profiles to insert HTTP headers and values into HTTP requests so that you can control access to differing versions of web applications.
Unsanctioned usage of SaaS applications can be a way for your users to transmit sensitive information outside of your network, usually by accessing a consumer version of an application. However, if you need to allow access to the enterprise version of these applications for specific individuals or organizations, then you can't block the SaaS application entirely. With the HTTP header insertion and modification feature, you can now manage HTTP header information to disallow SaaS consumer accounts while allowing a specific enterprise account.
Because many SaaS applications allow or disallow access to applications based on information contained in specific HTTP headers, you can use predefined header insertion rules to manage access to popular SaaS applications. Predefined rules are specific to particular SaaS applications. Currently there are four available predefined applications: Google, Dropbox, YouTube, and Office 365. These applications (and any additional applications that might be predefined in the future) are populated and maintained by Palo Alto Networks® using content updates. If a SaaS vendor changes its implementation so that additional header or domain information is needed, Palo Alto Networks will use a content update to modify the relevant predefined rule for you.
If you want to perform HTTP header insertion for an application that is not yet predefined in a content update, you can create a custom rule. Custom rules allow you to manage custom HTTP headers but you can also use them to manage standard HTTP headers depending on your requirements.
Custom rules that you create will never be managed or modified by Palo Alto Networks. It is your responsibility to maintain the custom rules that you create so that they accurately interact with the SaaS application.

Related Documentation