trusted authentification with HTTP_HEADER method

Hello,

I use "trusted authentification" to connect to BO from an intranet.

I tried this authentification with QUERY_STRING method and it works but we see the user name in the URL.

I would like ti use another method more "securised" like HTTP_HEADER but i don't know how to use it .

Could you please give an example to set up this method more than the administrator guide ?

I would like to know which parameters to modify in web.xml file with example and an example of url to connext to BO.

Thanks for your response.

Regards.