How to Add Custom Response Header in Apache?

Apache HTTP server is most widely used web server. it is known for its flexibility and extensive features. One of those great features is response headers. Custom response headers can be helpful for various purposes, such as enhancing security, improving caching mechanisms, or adding custom metadata to HTTP response.

HTTP headers are key-price pairs dispatched between the consumer (normally web browser) and the server. These headers comprise crucial records about the request or reaction, including content type, caching rules, and authentication details. HTTP headers are divided into categories:

• Request Headers: Sent via the purchaser to the server.
• Response Headers: Sent by means of the server to the consumer.

1. Enable the mod_headers Module:

1. Open Command Prompt as Administrator:

• Press Win + X and select Command Prompt (Admin) or Windows PowerShell (Admin).

2. Navigate to Apache’s bin Directory:

cd C:\Apache24\bin

3. Check if mod_headers is Enabled:

httpd -M | findstr headers

• If you see headers_module (shared), the module is enabled.
• If not, proceed to enable it.

4. Enable mod_headers in Configuration:

• Open C:\Apache24\conf\httpd.conf in a text editor like Notepad.
• Find the line #LoadModule headers_module modules/mod_headers.so and remove the # to uncomment it.

LoadModule headers_module modules/mod_headers.so

• Save the file.

5. Restart Apache:

httpd -k restart

2. Add Custom Headers in the Configuration File

1. Open httpd.conf:

• Open C:\Apache24\conf\httpd.conf in a text editor.

2. Add Custom Headers:

• Add the following lines at the end of the file to add a custom header:

<IfModule mod_headers.c>
    # Add a custom header for all responses
    Header add X-Custom-Header "geek for Beginner"
    
    # Add a custom security header
    Header add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    
    # Add CORS headers
    Header add Access-Control-Allow-Origin "*"
    Header add Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header add Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

• Replace “X-Custom-Header” and “geek for Beginner” with your desired header name and value.

3. Save and Close the File.

4. Restart Apache:

httpd -k restart

3. Verifying Custom Headers

• Open Developer Tools: Press F12 or right-click on the page and select Inspect.
• Go to the Network Tab: Click on the Network tab in the Developer Tools.
• Refresh the Page: Press F5 or click the refresh button in your browser to reload the page.
• Select the Request: Find and click on the request that corresponds to your website URL in the list of network requests.
• Check the Headers: In the right pane, click on the Headers tab. Scroll down to find the Response Headers section. Locate your custom header (X-Custom-Header).