Module mod_headers
This module provides for the customization of HTTP
response headers.
Status: Extension
Source File: mod_headers.c
Module Identifier: headers_module
Compatibility: Available in Apache 1.2 and later.
RequestHeader appeared in Apache 2.0.
Summary
This module provides directives to control and modify HTTP
request and response headers. Headers can be merged,
replaced or removed.
Directives
Syntax: RequestHeader set|append|add
header value
Syntax: RequestHeader unset header
Context: server config, virtual host, access.conf,
.htaccess
Override: FileInfo
Status: Extension
Module: mod_header
This directive can replace, merge or remove HTTP request headers. The header
is modified just before the content handler is run, allowing incoming
headers to be modified. The action it performs is determined by the first
argument. This can be one of the following values:
- set
The request header is set, replacing any previous header with this name
- append
The request header is appended to any existing header of the same
name. When a new value is merged onto an existing header it is
separated from the existing header with a comma. This is the HTTP standard
way of giving a header multiple values.
- add
The request header is added to the existing set of headers, even if
this header already exists. This can result in two (or more) headers
having the same name. This can lead to unforeseen consequences, and in
general "append" should be used instead.
- unset
The request header of this name is removed, if it exists. If there are
multiple headers of the same name, all will be removed.
This argument is followed by a header name, which can include the
final colon, but it is not required. Case is ignored. For
add, append and set a value is given as the third argument. If this
value contains spaces, it should be surrounded by double quotes.
For unset, no value should be given.
Order of Processing
The RequestHeader (and Header) directives can occur almost anywhere within
the server configuration. It is valid in the main server config and virtual
host sections, inside <Directory>, <Location> and <Files>
sections, and within .htaccess files.
The RequestHeader directives are processed in the following order:
- main server
- virtual host
- <Directory> sections and .htaccess
- <Location>
- <Files>
Order is important. These two headers have a different effect if reversed:
RequestHeader append MirrorID "mirror 12"
RequestHeader unset MirrorID
This way round, the MirrorID header is not set. If reversed, the MirrorID
header is set to "mirror 12".
The RequestHeader directive is processed just before the request is run
by its handler in the fixup phase. This should allow headers generated by
the browser, or by Apache input filters to be overridden or modified.
Syntax: Header set|append|add
header value [env=[!]environment-variable]
Syntax: Header unset header
Syntax: Header echo header
Context: server config, virtual host, access.conf,
.htaccess
Override: FileInfo
Status: Extension
Module: mod_header
This directive can replace, merge or remove HTTP response headers. The header
is modified just after the content handler and output filters are run,
allowing outgoing headers to be modified. The action it performs is determined
by the first argument. This can be one of the following values:
- set
The response header is set, replacing any previous header with this name.
The value may be a format string.
- append
The response header is appended to any existing header of the same
name. When a new value is merged onto an existing header it is
separated from the existing header with a comma. This is the HTTP standard
way of giving a header multiple values.
- add
The response header is added to the existing set of headers, even if
this header already exists. This can result in two (or more) headers
having the same name. This can lead to unforeseen consequences, and in
general "append" should be used instead.
- unset
The response header of this name is removed, if it exists. If there are
multiple headers of the same name, all will be removed.
- echo
Request headers with this name are echoed back in the response headers.
header may be a regular expression.
This argument is followed by a header name, which can include the
final colon, but it is not required. Case is ignored for set, append, add
and unset. The header name for echo is case sensitive and may be a
regular expression.
add, append and set take a value as the third argument. If
value contains spaces, it should be surrounded by doublequotes.
value may be a character string, a string containing format
specifiers or a combination of both. The following format specifiers
are supported in value:
%t: The time the request was received in Universal Coordinated Time
since the epoch (Jan. 1, 1970) measured in microseconds. The
value is preceeded by "t=".
%D: The time from when the request was received to the time the
headers are sent on the wire. This is a measure of the
duration of the request. The value is preceeded by "D=".
add, append and set may take an optional conditional clause
as the fourth argument. The header action (add, append, set) is
done only if the conditional clause evaluates as TRUE.
Order of Processing
The Header (like the RequestHeader) directives can occur almost anywhere within
the server configuration. It is valid in the main server config and virtual
host sections, inside <Directory>, <Location> and <Files>
sections, and within .htaccess files.
The Header directives are processed in the following order:
- main server
- virtual host
- <Directory> sections and .htaccess
- <Location>
- <Files>
Order is important. These two headers have a different effect if reversed:
Header append Author "John P. Doe"
Header unset Author
This way round, the Author header is not set. If reversed, the Author
header is set to "John P. Doe".
The Header directives are processed just before the response is sent
to the network. These means that it is possible to set and/or override
most headers, except for those headers added by the header filter.
Examples
- Copy all request headers that begin with "TS" to the response headers:
Header echo ^TS*
- Add a header, MyHeader, to the response including a timestamp for when
the request was received and how long it took to begin serving the
request. This header can be used by the client to intuit load on
the server or in isolating bottlenecks between the client and the
server.
Header add MyHeader "%D %t"
results in this header being added to the response:
MyHeader: D=3775428 t=991424704447256
- Say hello to Joe
Header add MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."
results in this header being added to the response:
MyHeader: Hello Joe. It took D=3775428 microseconds for Apache to serve this request.
- Conditionally send MyHeader on the response if and only if header
"MyRequestHeader" is present on the request. This is useful for
constructing headers in response to some client stimulus. Note that
this example requires the services of the mod_setenvif module.
SetEnvIf MyRequestHeader value HAVE_MyRequestHeader
Header add MyHeader "%D %t mytext" env=HAVE_MyRequestHeader
If the header "MyRequestHeader: value" is present on the HTTP request, the response
will contain the following header:
MyHeader: D=3775428 t=991424704447256 mytext