FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home  »  Htaccess  »  Manipulating HTTP Headers with htaccess

by 28 comments

Apache .htaccess and httpd.conf have the power to send and manipulate HTTP Header Requests and responses like sending P3P privacy headers, Content-Type: UTF-8, Content-Language: en-US, etc. The power is immense and you can do some really cool stuff with HTTP Headers!

Check out my advanced HTTP Header Viewer and Manipulator - Free Online Tool.

Custom HTTP Headers

Any time you see a meta tag of type "http-equiv" you can replace it with a real header in htaccess

100% Prevent Files from being cached

This is similar to how google ads employ the header Cache-Control: private, x-gzip-ok="" to prevent caching of ads by proxies and clients.

<FilesMatch "\.(html|htm|js|css)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</FilesMatch>

Remove IE imagetoolbar

<FilesMatch "\.(html|htm)$">
<ifModule mod_headers.c>
Header set imagetoolbar "no"
</ifModule>
</FilesMatch>

Add P3P Privacy Headers to your site

Adding a P3P header to your site is a good idea, do this.

<ifModule mod_headers.c>
Header set P3P "policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS""
 
# OR THIS, SIMPLER
Header set P3P "policyref="/w3c/p3p.xml""
</ifModule>

Add a "en-US" language header and "UTF-8" without meta tags!

Article: Setting Charset in htaccess

AddDefaultCharset UTF-8
AddLanguage en-US .html .htm .css .js

Using AddType

AddType 'text/html; charset=UTF-8' .html

Using the Files Directive

Article: Using 'Files' in htaccess

<Files ~ ".(htm|html|css|js)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
</Files>

Using the FilesMatch Directive

Article: Using 'FilesMatch' in htaccess

<FilesMatch "\.(htm|html|css|js)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
</FilesMatch>

Tags

April 10th, 2007

Comments Welcome

  • karel

    Does '100% Prevent Files from being cached' also works for websites displaying ads in an php environment instead of html?

  • http://www.galan.de Daniel

    imagetoolbar = no
    doesn't works, you have to specify the "http-equiv" explicitly. Why that?

  • http://www.askapache.com/ AskApache

    @ Daniel

    Works for me.. the http-equiv meta tag literally means http header equivelant. http header is better of course.

  • http://www.ninjatactics.net/ johnny

    i am using the "100% Prevent Files from being cached" htaccess code but not sure i am using it correctly. I created the file in placed it in the root directory. do i need to specify where my files are locate in the htaccess file?

  • http://www.askapache.com/ AskApache

    @ johnny

    use the http header viewer tool to see if its working, if not then paste your .htaccess

  • http://www.ninjatactics.net johnny

    I have multiple folders inside an assets folder that contain mp3 & swf files that I do not want to cache. this is my htaccess code not sure if im using it correctly

    RewriteEngine on
    rewritecond %{http_host} ^ninjatactics.net [nc]
    rewriterule ^(.*)$ http://www.ninjatactics.net/$1 [r=301,nc]
     
    FileETag None
    Header unset ETag
    Header set Cache-Control "max-age=0, no-cache, no-store, private"
    Header set Pragma "no-cache"
    Header set Expires "0"
  • http://brianswebdesign.com/ Brian’s Web Design

    I'm just wondering about this P3P. I read about it, and was wondering if any browser implements this?

  • Jackson

    Just a note for "100% Prevent Files from being cached":
    You need to enable mod_headers otherwise it drops

    500 Internal Server Error

  • Mike

    Thank you for this amazing wealth of knowledge! It's more definitive (and easier to understand) than the main apache and php.net forums.

    QUESTION:
    You suggest "prevent file caching" to speed up a site. Doesn't turning OFF caching slow down the site? Seems it's faster to pull a file from cache than request it ...unless I'm missing or confusing this with something else?

    Thanks again! -Mike

  • http://www.askapache.com/ AskApache

    @ Jackson

    Thanks for spotting that, I updated the .htaccess example code above to use the IfModule directive to prevent the 500 Errors, nice one bro.

  • WiserX

    I surf the net for an easy to understand guide on htaccess.

    Finally i have a deeper idea on htaccess with your guide.

    Intelligent work. Thanks.

  • Tylan

    Will the Prevent Caching 100% work for executables? I have an EXE on our site that I use for remote support. I frequently update it, but I want to make sure that that my end users always download the current version, and not one in their cache.

    Tylan

  • Tylan

    Does this work for EXE files as well?

  • alexander

    100% working ... Blocking Cookies?

    :)

  • ch

    100% Prevent Files from being cached
    works like a charm to stop caching files.... Thank you very much.

  • mn

    For some locations we can disable the caching system?

    For example :
    This is my .htaccess content, and I have to disable php file caching for some locations.

    Header set Cache-Control "max-age=86400, public"
    Header set Expires "Thu, 8 May 2010 20:00:00 GMT"
    Header unset Last-Modified

    I want to do this

    Header set Cache-Control "max-age=86400, public"
    Header set Expires "Thu, 8 May 2010 20:00:00 GMT"
    Header unset Last-Modified
     
    #  Header set Cache-Control "max-age=0"
    #  Header set Expires "Thu, 8 May 2000 20:00:00 GMT"
    #  Header unset Last-Modified

    How can I do that? Thanks.

  • Adam

    I like to use this free http send header tool to manipulate and send HTTP request and view the response easily.

  • http://www.asipay.com Mitchel Carlsen

    I tried to follow your example of '100% Prevent Files from being cached' by adding the following lines to my httpd.conf file:

    Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"

    When I use the FilesMatch conditional statement, I don't receive the expected results:

    HTTP/1.1 200 OK
    Date: Mon, 07 Jun 2010 23:17:31 GMT
    Server: Apache/2.2.3 (Red Hat)
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8

    If I remove the FilesMatch and use the following:

    Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"

    I get the expected results:

    HTTP/1.1 200 OK
    Date: Mon, 07 Jun 2010 23:15:11 GMT
    Server: Apache/2.2.3 (Red Hat)
    Cache-Control: max-age=0, no-cache, no-store, must-revalidate
    Pragma: no-cache
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8

    Can you see what I may be doing wrong with the 'FilesMatch' statement?

  • http://www.e-sushi.net/ e-sushi™

    Be aware that when you “prevent file caching”, you will get an impact on load speed, because every request thinks it has a "modified" status that will make a browser fetch the data from the server again, and again... and again. Cool thing if you want to see your bandwidth used and if you want to ensure users going bezerk looking at the "loading" status message... my 2 cents: CACHE all CSS, JS, JPG, PNG, GIF and any other static data. If you're using PHP and expect it to be fresh every time you load it, don't cache... but if you use a CMS... CACHE your PHP too!

    Don't confuse people with wrong or incomplete information... it downgrades the value of your writings.

  • carla

    Do you know if there is a way to always set a 503 error code for a specific file?

    I'm working on a npi script which mustn't lost any request. But any php fatal error (when I'm updating the script for example) returns header 200. That should mean my script process the request, but it didn't because a fatal error.

    I know the caller repeat the request when get a 503 error, so I wonder to set 503 as the default response by htacess and send header 200 using the php function header (if that execute, so there was no fatal error).

    That make sense?

    Could you point me if there is a way to set header code by htacess?

  • http://name.com User

    thank you. preventing from caching files works perfectly

  • Mike

    I would like to exclude specific pages (contact forms) from the nocache http header. How can I do that? Thanks

  • Mike

    I would like to exclude specific pages (contact forms) from the nocache http header. How can I do that? Thanks

  • Pingback: How to Make an HTML5 iPhone App | vnDezign Magazine

  • Pingback: Apache: How to enable browser cache for test.json that has rewrite/is generated trough json.php? - PHP Solutions - Developers Q & A

  • OGROMNIsnimci

    How can i force open file, and not download (.srt)

  • Nathan Adhitya

    nope

  • Nathan Adhitya

    nope

My Online Tools
WordPress Sites

My Picks

Related Articles
Newest Posts
Twitter

  • The Hacker Playbook - very nice high level overview of attacks  t.co/lHwNVWi61u 
  • Clean Code - A Handbook of Agile Software Craftsmanship  t.co/hnJX0x1qIc 
  • Secrets of the JavaScript Ninja - By my absolute favorite JS hacker John Resig!  t.co/tZ42ljmcCl 
  • Hacking Exposed 7: Network Security Secrets & SolutionsMy all time favorite, basic but thorough and accurate.  t.co/jycW0RDVtZ 
  • Empty words will be no surrogate for cold resolve. Pain is nothing.  t.co/qXjpRxbjCw 
  • REVERSING: Secrets of Reverse Engineering  t.co/GaWo29lWWG 
  • NEUROMANCER  t.co/3OoknUcb5Z 
  • "The Shockwave Rider", by John Brunner (1975 hacker sci-fi)  t.co/ZW56HVUefW 
  • The Rootkit ARSENAL - Escape and Evasion in the Dark Corners of the System  t.co/1FzX6bHgsQ 
  • "We Are Anonymous - Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency" better be good!  t.co/GL0cFNiUOq 
  • THE IDEA FACTORY Bell Labs  t.co/FyVhgNwwT5 
  • The Datacenter as a Computer -- Urs Holzle  t.co/M5WIYs1OVg 
  • Now by Steven Levy, "IN THE PLEX"  t.co/PwxtLgqukG 
  • Dreaming in code.... So far, a little boring, but worth the read  t.co/hmeeOjIlfg 

Friends and Recommends
Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman






[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

| Google+ | askapache

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain