Apache server response headers play a key role in HTTP communication between a server and a client. These headers provide information about the server and the resources being accessed. They can also influence how web browsers and other clients behave.

Modifying response headers can improve security, optimize performance, or meet specific compliance requirements. For example, adding headers like Content-Security-Policy can enhance a web application's security. Apache allows administrators to add custom headers using the mod_headers module.

In Apache, the mod_headers module lets you modify HTTP response headers. You can add, change, or remove headers as needed. This includes adding your own custom headers when necessary.

Steps to set custom response headers in Apache:

  1. Launch terminal.
  2. Enable headers module for Apache.
    $ sudo a2enmod headers # Ubuntu, Debian and SUSE variants
    Enabling module headers.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    • Distribution with a2enmod support can simply run the command above without having to manually enable the required modules.
    • CentOS and Red Hat enables the module by default so requires no manual action to enable the modules.
    Options Debian, Ubuntu openSUSE and SLES Fedora Core, CentOS, RHEL macOS homebrew xampp
    a2enmod support yes yes no no no no
    Modules to install none
    Module name n/a headers
    Loadmodule directive n/a LoadModule headers_module <module_locations>/mod_headers.so
  3. Open the configuration file for your Apache website using your preferred text editor.
    $ sudo vi /etc/apache2/sites-available/000-mysite.conf
  4. Locate the section where you want to apply the custom header, such as within a specific VirtualHost or Directory directive.
    <VirtualHost *:80>
            #ServerName www.example.com
     
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html
     
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
  5. Add or modify headers within the configuration file using the Header directive with your own custom name and value.
    <VirtualHost *:80>
            #ServerName www.example.com
     
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html
     
            Header set MyCustomHeader "Set any values here"
     
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
  6. Save and exit the text editor.
  7. Reload or restart the Apache service to apply the changes.
    $ sudo systemctl restart apache2 # Ubuntu and Debian
    $ sudo systemctl restart httpd # CentOS and Red Hat
  8. Verify Apache returns the configured custom header tools like curl.
    $ curl -I 127.0.0.1
    HTTP/1.1 200 OK
    Date: Sun, 03 Sep 2023 03:41:54 GMT
    Server: Apache/2.4.55 (Ubuntu)
    Last-Modified: Fri, 25 Aug 2023 12:12:15 GMT
    ETag: "29af-603be4163c6a4"
    Accept-Ranges: bytes
    Content-Length: 10671
    Vary: Accept-Encoding
    MyCustomHeader: Set any values here
    Content-Type: text/html

    Look for your custom header in the response to confirm that it's being sent.

Discuss the article:

Comment anonymously. Login not required.