How to Set Custom Header with .htaccess


set custom header using .htaccess

Sometimes, you may need to set custom headers for user requests, for the purpose of testing and troubleshooting. You can parse these headers on the client-side and take appropriate actions. Here’s how to set custom header with .htaccess.

 

How to Set Custom Header with .htaccess

Here are the steps to set custom header with .htaccess. Custom HTTP headers look like parameter=value

You can easily add custom header in Apache with Header directive


Header add Custom-Header "parameter=value"

Here’s a sample response, with custom header in bold


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 01 Aug 2016 17:58:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.24, PleskLin
strict-transport-security: max-age=63072000; includeSubDomains; preload
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Custom-Header: parameter=value
Content-Language: en

 

Let us look how to set custom headers in Apache. Before proceeding, please ensure you have enabled .htaccess (mod_rewrite) for your Apache server. Here are the steps to do it:

 

Place your .htaccess file in the root document folder of your website (/var/www/html).

 

1. Enable mod_headers

Apache requires mod_headers module to be able to set headers.

You can enable it with the command

$ sudo a2enmod headers

In CentOS, it comes pre-installed. If not, you can open up Apache config file in a text editor, look for the line containing “mod_expires.so” and uncomment it by removing ‘#’ at its beginning.

 

2. Add Custom Header

You can simply modify & add the following line in your .htaccess file located at website root (/var/www/html) to set custom header across your entire website.


Header add Strict-Transport-Security "max-age=157680000"

 

Please note:

  1. Avoid using spaces & special characters in header name (Strict-Transport-Security). Stick to hyphen and alphanumeric characters
  2. You can use space in parameter value. E.g Tacos: “taste=really delicious”
  3. Always use quotes for “parameter=value”to avoid errors

 

Add custom header to all requests

If you want to add custom header to all requests to your website, simply add the directive to .htaccess file placed in your website’s root directory.

If you want to add custom header only to all the requests to a specific directory, then create a blank .htaccess file and add the Header directive to it.

 

Add custom header to a single file

If you want to add custom header to a single file, use Files directive to match the file name


# add custom header to single file
<Files example.html>
Header add Strict-Transport-Security "max-age=157680000"
</Files>

 

Add Custom Headers to Multiple Files

If you want to add custom header to multiple files, use Files or FilesMatch directive


# add custom header to multiple files
<Files ~ "\.(jpe?g|png|gif|mp3|wav|ogg|m4a|mp4|mov|wmv|avi)$">
Header add Strict-Transport-Security "max-age=157680000"
</Files>

 


# add custom header to multiple files
<FilesMatch "\.(jpe?g|png|gif|mp3|wav|ogg|m4a|mp4|mov|wmv|avi)$">
Header add Strict-Transport-Security "max-age=157680000"
</FilesMatch>

 

Using Location and Directory

You can also place the above codes in Location or Directory blocks in Apache config file.

 

3. Restart Apache Web Server

Restart Apache Web Server to apply changes


$ sudo systemctl restart apache2 [Ubuntu/Debian]
$ sudo systemctl restart httpd [RHEL/CentOS]

 

4. Test Custom Headers

You can use one of the HTTP response header tools to enter your website URL and examine the headers.

 

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!