This idea has been merged into another idea. To comment or vote on this idea, please visit IDEAAD-I-34 Add a fourth HTTP Header in Website Rule Documents.
Currently Domino allows you to set exactly three custom headers per website(Web Site Rule Document) plus an additional one via the notes.ini variable HTTPAdditionalRespHeader(which applies server-wide).
To fully protect your webserver you would ideally apply all of the following headers(as per securityheaders.com ):
Due to the restriction above this is currently not possible without external hardware(like a load balancer).
It would be cool if we could set all of those headers directly in the Web Site Rule Document.