Sometimes, you may need to set custom headers for user requests, for the purpose of testing and troubleshooting. You can parse these headers on the client-side and take appropriate actions. Here’s how to set custom header with .htaccess.
How to Set Custom Header with .htaccess
Here are the steps to set custom header with .htaccess. Custom HTTP headers look like parameter=value
You can easily add custom header in Apache with Header directive
Header add Custom-Header "parameter=value"
Here’s a sample response, with custom header in bold
HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Aug 2016 17:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.24, PleskLin strict-transport-security: max-age=63072000; includeSubDomains; preload Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Custom-Header: parameter=value Content-Language: en
Let us look how to set custom headers in Apache. Before proceeding, please ensure you have enabled .htaccess (mod_rewrite) for your Apache server. Here are the steps to do it:
Place your .htaccess file in the root document folder of your website (/var/www/html).
1. Enable mod_headers
Apache requires mod_headers module to be able to set headers.
You can enable it with the command
$ sudo a2enmod headers
In CentOS, it comes pre-installed. If not, you can open up Apache config file in a text editor, look for the line containing “mod_expires.so” and uncomment it by removing ‘#’ at its beginning.
2. Add Custom Header
You can simply modify & add the following line in your .htaccess file located at website root (/var/www/html) to set custom header across your entire website.
Header add Strict-Transport-Security "max-age=157680000"
- Avoid using spaces & special characters in header name (Strict-Transport-Security). Stick to hyphen and alphanumeric characters
- You can use space in parameter value. E.g Tacos: “taste=really delicious”
- Always use quotes for “parameter=value”to avoid errors
Add custom header to all requests
If you want to add custom header to all requests to your website, simply add the directive to .htaccess file placed in your website’s root directory.
If you want to add custom header only to all the requests to a specific directory, then create a blank .htaccess file and add the Header directive to it.
Add custom header to a single file
If you want to add custom header to a single file, use Files directive to match the file name
# add custom header to single file <Files example.html> Header add Strict-Transport-Security "max-age=157680000" </Files>
Add Custom Headers to Multiple Files
If you want to add custom header to multiple files, use Files or FilesMatch directive
# add custom header to multiple files <Files ~ "\.(jpe?g|png|gif|mp3|wav|ogg|m4a|mp4|mov|wmv|avi)$"> Header add Strict-Transport-Security "max-age=157680000" </Files>
# add custom header to multiple files <FilesMatch "\.(jpe?g|png|gif|mp3|wav|ogg|m4a|mp4|mov|wmv|avi)$"> Header add Strict-Transport-Security "max-age=157680000" </FilesMatch>
Using Location and Directory
You can also place the above codes in Location or Directory blocks in Apache config file.
3. Restart Apache Web Server
Restart Apache Web Server to apply changes
$ sudo systemctl restart apache2 [Ubuntu/Debian] $ sudo systemctl restart httpd [RHEL/CentOS]
4. Test Custom Headers
You can use one of the HTTP response header tools to enter your website URL and examine the headers.