Change HTTP header settings using .htaccess file
First, if you do not already have a .htaccess file in the document root of the affected domain name, create one. To do this, refer to the following:
If the file already exists, you can edit it as described below:
What is the HTTP header?
The HTTP header is part of an HTTP request or response. It determines the operating parameters of the HTTP transaction. For more information, see the following link:
The .htaccess file can be used to modify or complement the HTTP response header.
In the .htaccess file, you can use the following to force the charset sent in the Content-Type header. The charset specifies the document's character encoding. You can add the header without the meta tag:
<IfModule mod_headers.c>
    # Choose one charset. If both lines are active, the last one takes effect.
    AddDefaultCharset UTF-8
    # AddDefaultCharset ISO-8859-2
</IfModule>
In the .htaccess file, you can set a language header as follows. You can add the header without the meta tag:
<IfModule mod_headers.c>
    DefaultLanguage hu-hu
</IfModule>
Cache-Control is one of the most common headers used for websites. It determines how long a file is stored in the visitor's browser.
For example, if you set 5 minutes in the Cache-Control header, the visitor's browser downloads the page and then caches it for 5 minutes. After 5 minutes, the page must be retrieved from the server again.
In the following example, we set the web page to be stored for 5 minutes by visitors' browsers.
<IfModule mod_headers.c>
    Header set Cache-Control "max-age=300, public"
</IfModule>
max-age is set in seconds.
The caching policy may be “public”, “private” or “no-store”.
Use ‘Vary’ HTTP headers for mobile pages
The following Google article describes the use of Vary headers for mobile pages:
Content-Security-Policy header helps reduce XSS risks. For more details, see the following pages:
The Strict-Transport-Security header specifies that browsers will only communicate over HTTPS instead of HTTP. For more details, see the following pages:
Enable the following content in the .htaccess file:
<IfModule mod_headers.c>
    Header add Strict-Transport-Security "max-age=31415926;includeSubDomains;"
</IfModule>
You can test it with the following command:
curl -I https://example.com
The output looks like this:
[server]$ curl -I https://example.com
HTTP/1.1 200 OK
Date: Tue, 05 Jun 2018 20:05:52 GMT
Server: Apache
Last-Modified: Tue, 05 Jun 2018 16:26:52 GMT
ETag: "2f9-56de78493cbc8"
Accept-Ranges: bytes
Content-Length: 761
Strict-Transport-Security: max-age=31415926;includeSubDomains;
Content-Type: text/html
The command output shows the Strict-Transport-Security header.
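To automate the curl check above, the following shell function (an added example, not part of the original article) parses response headers and verifies that Strict-Transport-Security is present, sent only once, and carries a sufficient max-age. The names check_hsts and sample_headers, the return codes and the six-month default threshold are assumptions made for this example.

```shell
#!/bin/sh
# check_hsts [MIN_AGE]: read raw response headers on stdin (for example from
# `curl -sI https://example.com`) and evaluate Strict-Transport-Security.
# Return codes: 0 ok, 1 header missing, 2 header sent more than once,
#               3 max-age missing or not numeric, 4 max-age below MIN_AGE.
check_hsts() {
    min_age=${1:-15768000}  # assumed policy threshold (about six months)
    # Header names are case-insensitive; strip the CR of CRLF line endings.
    values=$(tr -d '\r' | grep -i '^strict-transport-security:' |
             sed 's/^[^:]*:[[:space:]]*//')
    if [ -z "$values" ]; then
        echo "missing"; return 1
    fi
    # "Header add" appends, so a second config layer can produce duplicates;
    # RFC 6797 tells browsers to process only the first header.
    if [ "$(printf '%s\n' "$values" | grep -c .)" -gt 1 ]; then
        echo "duplicate"; return 2
    fi
    # Split directives on ';' and trim surrounding whitespace.
    directives=$(printf '%s\n' "$values" | tr ';' '\n' |
                 sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    max_age=$(printf '%s\n' "$directives" | grep -i '^max-age[[:space:]]*=' |
              head -n 1 | sed 's/^[^=]*=[[:space:]]*//; s/"//g')
    case $max_age in
        ''|*[!0-9]*) echo "invalid max-age"; return 3 ;;
    esac
    if [ "$max_age" -lt "$min_age" ]; then
        echo "max-age=$max_age below $min_age"; return 4
    fi
    if printf '%s\n' "$directives" | grep -qix 'includeSubDomains'; then
        sub=yes
    else
        sub=no
    fi
    echo "ok max-age=$max_age includeSubDomains=$sub"
}

# Sample input: response headers taken from this article's curl -I output.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31415926;includeSubDomains;
Content-Type: text/html
EOF
}

sample_headers | check_hsts
```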