Control exactly what HTTP headers UniLink sends with your pages to harden security and fine-tune caching behavior.
- Custom headers are available on the Business plan and configured in Dashboard → Settings → Advanced → Custom Headers.
- Common uses include Content-Security-Policy, X-Frame-Options, Cache-Control, and custom cache directives.
- Changes go live immediately after saving — no redeployment required.
HTTP response headers are instructions your server sends to browsers and intermediaries like CDNs every time someone loads a page. On UniLink, custom headers let you enforce security policies, control how pages are cached, and signal behavior to crawlers — all without touching your page content or design. This level of control is especially valuable for businesses that need to meet specific compliance standards or want full ownership of how their UniLink pages behave at the network layer.
What Custom HTTP Headers Does
Every HTTP response includes a set of headers that tell the browser how to handle the content. By default, UniLink sends a standard set covering cache control, content type, and basic security. The Custom Headers feature lets you add additional headers on top of those defaults, giving you precise control over browser behavior for your specific page at unil.ink/username.
Security headers are among the most impactful additions you can make. A properly configured Content-Security-Policy header restricts which scripts and resources can load on your page, reducing the attack surface for cross-site scripting. X-Frame-Options: DENY prevents your page from being embedded in iframes on other sites, protecting against clickjacking attacks. These headers are not cosmetic — modern browsers enforce them strictly, and Google's security audits check for them.
Custom headers also affect performance and SEO indirectly. Cache-Control overrides let you tell CDN edges to store your page for longer, reducing server load and improving Time to First Byte for repeat visitors. Crawlers like Googlebot respect certain headers that affect indexing behavior. Businesses on the UniLink Business plan can use this feature to align their link-in-bio pages with broader corporate web security policies.
How to Get Started
- Confirm your plan. Navigate to `app.unilink.us` and go to Account → Billing. Custom headers require the Business plan ($49/mo). If you are on Starter or Pro, upgrade before proceeding.
- Open Settings. In the Dashboard sidebar, click Settings, then select the Advanced tab. The Advanced tab contains power-user features including custom headers, custom domains, and webhook endpoints.
- Find the Custom Headers section. Scroll down within the Advanced tab until you see the Custom Headers panel. It displays any headers you have already added, plus an Add Header button.
- Click Add Header and enter your first header. A row appears with two fields: Header Name and Header Value. Type the header name exactly as it should appear in the HTTP response (e.g., `X-Frame-Options`) and the value (e.g., `DENY`).
- Save your changes. Click Save at the bottom of the Advanced settings panel. UniLink applies the new headers to all requests for your pages immediately. Verify by opening your page in a browser, opening DevTools, and checking the Network tab for your header.
How to Use Custom Headers
- Add a Content-Security-Policy header. Click Add Header, set the name to `Content-Security-Policy`, and set the value to a policy string such as `default-src 'self'; script-src 'self' https://trusted-cdn.example.com`. Start with a report-only policy (`Content-Security-Policy-Report-Only`) to catch violations before enforcing.
- Set X-Frame-Options to prevent embedding. Add a header with name `X-Frame-Options` and value `SAMEORIGIN` (allow embedding only from your own domain) or `DENY` (block all iframe embedding). This is one of the fastest wins for security posture.
- Override Cache-Control for longer CDN caching. Add `Cache-Control` with a value like `public, max-age=3600, s-maxage=86400, stale-while-revalidate=3600`. This tells CDN edges to cache for 24 hours while keeping the page fresh for end users.
- Add a Permissions-Policy header. Use `Permissions-Policy` with a value like `geolocation=(), microphone=(), camera=()` to explicitly disable browser APIs your page does not use. This signals privacy-conscious behavior to browsers and auditing tools.
- Remove a header you no longer need. Each header row in the Custom Headers panel has a Remove button (trash icon). Click it, then save. The header is removed from all subsequent responses immediately.
Key Settings
| Setting | What It Does | Recommended |
|---|---|---|
| Content-Security-Policy | Restricts which scripts, styles, and resources the browser can load | Start with Report-Only mode, then enforce after reviewing violations |
| X-Frame-Options | Controls whether your page can be loaded inside an iframe on another site | SAMEORIGIN for most cases; DENY if you never need iframe embedding |
| Cache-Control | Tells browsers and CDN edges how long to cache the response | public, max-age=60, s-maxage=300, stale-while-revalidate=600 |
| Permissions-Policy | Disables specific browser APIs (camera, mic, geolocation) for the page | Disable all APIs you do not actively use |
| Referrer-Policy | Controls how much referrer information is sent when users click outbound links | strict-origin-when-cross-origin balances analytics and privacy |
Get the Most Out Of Custom Headers
The highest-impact combination is X-Frame-Options, Content-Security-Policy, and Referrer-Policy added together. These three headers address the most common browser-based attack vectors and are what security scanners like Mozilla Observatory and securityheaders.com check for first. Getting an A rating on those scanners signals to enterprise clients and partners that your digital presence is professionally managed.
Cache-Control customization can meaningfully improve your page's Largest Contentful Paint score when combined with UniLink's CDN. The default UniLink cache policy uses s-maxage=300, which means CDN edges re-fetch the page every five minutes. If your page content is static or changes infrequently, bumping s-maxage to 3600 or higher reduces latency for visitors on repeat visits and during traffic spikes, since the CDN serves the cached response without reaching the origin.
For agencies managing multiple client accounts on UniLink's Agency plan, custom headers can be configured independently per account. This is important when one client requires strict CSP for compliance (e.g., a healthcare company) and another needs a permissive policy to support embedded third-party widgets. Never copy a CSP from one account to another without auditing the page's dependencies first — a policy tuned for a simple portfolio page will break a product catalog that loads images from external CDNs.
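One way to run the dependency audit described above before reusing a policy on another account. This is an added example, not UniLink code: the matcher is a simplified version of CSP source matching (ports and paths are ignored), and the page origin and the catalog's resource URLs are constructed.

```python
from urllib.parse import urlsplit

# Fetch directive that governs each resource kind (subset of CSP).
DIRECTIVE = {"script": "script-src", "style": "style-src", "img": "img-src", "font": "font-src"}

def parse_csp(policy):
    """Split a policy string into {directive: [source expressions]}."""
    csp = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            csp.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return csp

def source_allows(source, url, page_origin):
    """Simplified matching: 'self', *, scheme:, host and *.host."""
    u = urlsplit(url)
    if source == "'self'":
        return f"{u.scheme}://{u.netloc}" == page_origin
    if source.startswith("'"):            # 'none', nonces, hashes, 'unsafe-*'
        return False
    if source == "*":
        return u.scheme in ("http", "https")
    if source.endswith(":"):              # scheme source such as https: or data:
        return u.scheme == source[:-1]
    s = urlsplit(source if "://" in source else f"{u.scheme}://{source}")
    if s.scheme != u.scheme or not u.hostname:
        return False
    if s.hostname.startswith("*."):       # wildcard covers subdomains only
        return u.hostname.endswith(s.hostname[1:])
    return s.hostname == u.hostname

def blocked_resources(policy, resources, page_origin):
    """Return [(effective directive, url)] for resources the policy would block."""
    csp, blocked = parse_csp(policy), []
    for kind, url in resources:
        # A missing fetch directive falls back to default-src.
        sources = csp.get(DIRECTIVE[kind], csp.get("default-src"))
        if sources is not None and not any(
                source_allows(s, url, page_origin) for s in sources):
            blocked.append((DIRECTIVE[kind], url))
    return blocked

# Policy string from the how-to steps; the resource list is constructed.
PORTFOLIO_CSP = "default-src 'self'; script-src 'self' https://trusted-cdn.example.com"
CATALOG = [("script", "https://unil.ink/static/app.js"),
           ("script", "https://trusted-cdn.example.com/lib.js"),
           ("img", "https://images.example.net/p/1.jpg"),
           ("font", "https://fonts.example.org/a.woff2"),
           ("script", "https://widgets.example.org/embed.js")]
```

Calling `blocked_resources(PORTFOLIO_CSP, CATALOG, "https://unil.ink")` lists the image, font and widget script, each paired with the directive that would need a new source before the policy is enforced.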
Keep a record of every custom header you add and why you added it. Headers are easy to forget about, and a six-month-old Cache-Control: no-store directive added during debugging can silently destroy your page's CDN cache performance. Treat your Custom Headers configuration as part of your site documentation — review it quarterly alongside your DNS and integration settings.
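The periodic review described above can be partly automated by auditing a saved copy of the response headers. This is an added example, not a UniLink tool: the sample header block is constructed, and the checks cover only the three headers this page calls highest-impact plus a leftover `no-store`.

```python
# Headers this page names as the highest-impact combination.
REQUIRED = ("content-security-policy", "x-frame-options", "referrer-policy")

# Constructed sample: response headers as copied from DevTools or `curl -sI`.
SAMPLE = """HTTP/2 200
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
X-Frame-Options: ALLOW-FROM https://partner.example
Cache-Control: no-store
Content-Security-Policy-Report-Only: default-src 'self'
"""

def parse_headers(raw):
    """Map lowercase header name -> list of values (headers may repeat)."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings for one response's header block."""
    h = parse_headers(raw)
    findings = [f"missing: {name}" for name in REQUIRED if name not in h]
    # A Report-Only policy logs violations but blocks nothing.
    if "content-security-policy-report-only" in h and "content-security-policy" not in h:
        findings.append("csp: report-only, nothing is enforced yet")
    # Only DENY and SAMEORIGIN are the values recommended on this page.
    for value in h.get("x-frame-options", []):
        if value.upper() not in ("DENY", "SAMEORIGIN"):
            findings.append(f"x-frame-options: unexpected value {value!r}")
    # Cache-Control is a comma-separated list of directives, some with =value.
    directives = set()
    for value in h.get("cache-control", []):
        for item in value.split(","):
            directives.add(item.strip().partition("=")[0].lower())
    if "no-store" in directives:
        findings.append("cache-control: no-store disables CDN caching")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```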
Troubleshooting
| Problem | Cause | Fix |
|---|---|---|
| Custom Headers option is not visible in Advanced settings | Account is on Starter or Pro plan, not Business | Upgrade to the Business plan ($49/mo) at Account → Billing |
| Header does not appear in browser DevTools after saving | CDN edge has cached the previous response without the new header | Hard-reload the page (Ctrl+Shift+R) or test in a private browsing window to bypass cache |
| Page scripts or fonts stop loading after adding CSP | Content-Security-Policy is blocking a domain not included in the whitelist | Check Console for CSP violation messages, add the blocked domain to the appropriate directive |
| Cache-Control header is being ignored by CDN | UniLink's platform-level Cache-Control takes precedence over custom overrides for some directives | Contact UniLink support — platform-level headers cannot be overridden via the Custom Headers panel for certain protected directives |
Pros
- Full control over security headers without needing a separate reverse proxy
- Changes apply instantly across all CDN edges — no redeployment needed
- Enables compliance with enterprise and government web security standards
- Cache-Control overrides can significantly improve CDN hit rates and page speed
Cons
- Requires the Business plan — not available to free, Starter, or Pro users
- Incorrectly configured CSP can break embedded fonts, scripts, or third-party widgets
- Some platform-level headers cannot be overridden, limiting full control
Which plan includes custom HTTP headers?
Custom HTTP headers are a Business plan feature ($49/mo). Starter ($9/mo) and Pro ($19/mo) plans do not have access to the Custom Headers panel in Advanced settings.
Can I add multiple values to a single header?
Yes. Enter the full header value in the Header Value field, including any semicolons or commas required by the header format. For example, a Content-Security-Policy can contain multiple directives separated by semicolons in a single value string.
Will custom headers affect all my UniLink pages?
By default, custom headers configured in Settings → Advanced apply to all pages on your account. If you need different headers for different pages, contact UniLink support — per-page header overrides may be available for Agency plan accounts.
Does UniLink already set any default security headers?
Yes. UniLink sets several default headers including X-Content-Type-Options: nosniff and basic Cache-Control directives on all pages. Your custom headers are added on top of these defaults, not instead of them.
Can I override UniLink's default Cache-Control header?
Partially. You can set your own Cache-Control value via the Custom Headers panel, but certain platform-level directives take precedence. For advanced cache configuration needs, contact UniLink support directly.
- Custom HTTP headers are available on the Business plan and are configured in Dashboard → Settings → Advanced → Custom Headers.
- The highest-impact security headers to add are Content-Security-Policy, X-Frame-Options, and Referrer-Policy.
- Cache-Control overrides can improve CDN hit rates and reduce page load times for static or infrequently updated pages.
- Always verify headers using browser DevTools or a tool like securityheaders.com after saving changes.
- Keep documentation of every custom header you add — headers are easy to forget and can silently break page behavior if misconfigured.
