Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
4 votes, 6 answers

HTTP load balancer with header-based routing?

I am looking for a HTTP load balancing solution that will provide the following: 1) Accept HTTP connections on port X and forward them to one of multiple other hosts (and/or ports), either randomly or in a round-robin manner. 2) If the server reply…
Anders Sandvig
4 votes, 1 answer

How to remove response header in lighttpd configuration

There is mod_setenv for adding: setenv.add-response-header = ( "Header" => "value" ) But I can't find anything to remove response headers. I have to be sure that my content is not cached by mobile operator proxies. On Apache I was doing it…
grzaks
4 votes, 1 answer

ngrep - possible to hide payloads?

I use ngrep a lot to inspect HTTP headers to see what's going on. I use the -q flag for quiet output, but I really don't want to see the payloads, only the headers. Is there a way to do this? My current command is: ngrep 'Content-Length:' port 80 -t…
PeterB
4 votes, 0 answers

List of all Permissions-Policy header keys and values?

Does someone have a list of all Permissions-Policy header keys and values? What I have: more_set_headers "Permissions-Policy: camera=(self), fullscreen=(*), geolocation=(self), payment=()"; It was somehow (old - don't use it): more_set_headers…
uav
4 votes, 4 answers

Remove X-Forwarded-For header in Squid 3.0

Some months ago I was working with Squid 3.0 and managed to get rid of the X-Forwarded-For header completely. Now I am trying to do the same thing but I do not seem to hit the nail. I have tried forwarded_for off but that does not remove the header,…
mr-euro
4 votes, 1 answer

How can I apply HSTS header to all vhosts over 443 in Apache

I'm looking to add the HSTS header in Apache... # HSTS / Header Strict Transport Security Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" ... but I have a long list of vhosts for different but related…
oucil
4 votes, 2 answers

Custom headers in nginx: log first, clean afterwards

I need to parse nginx access_log and associate records with user accounts. To do so, I decided to use a custom header: App sends custom header (like x-userid) Nginx stores that value in access_log with custom log format $sent_http_x_userid The…
Val Petruchek
3 votes, 0 answers

How to configure Content-Security-Policy for Nginx and Drupal 8?

I have a Nginx server with Ubuntu 18.04 and a Drupal 8 site. I have read in several articles that I should not use 'unsafe-eval', 'unsafe-inline'. I added headers for security but the pages of the site are no longer loaded correctly. Here is my Nginx…
3 votes, 1 answer

HAProxy add some headers before 302 redirect

I'm trying to add some security headers to the responses that are directed to a specific port. I have the following configured frontend: frontend desenv_ext_1 bind *:80 bind *:443 ssl crt /etc/ssl/certs/cert.pem mode http option tcplog…
R Wagner
3 votes, 1 answer

Change Underscore to Dash in Apache Header

I have an application that runs behind Apache 2.4.27 that authenticates users with mod_auth_cas. This module stores attributes about the authenticated user in headers. I'm having issues with one header that's being stripped because it has an…
Ross
3 votes, 1 answer

Nginx on CentOS: How can I change the "Server" header?

I'm running Nginx on Centos6. For security reasons I'd like to change/remove the Server HTTP header contained in the response headers. For instance, nginx's default Server header looks like:…
joejoe12
3 votes, 2 answers

X-Geo HTTP Header

Does anyone know the specs for the X-GEO HTTP header? I am seeing some in my logs, and looked for a spec or something, but didn't find anything that explains the values I am seeing. Any reference to the header I find online show values like US etc.…
GWR
3 votes, 0 answers

Nginx - 400 Request Header Or Cookie Too Large (Angular + Symfony)

I have two projects on the same server: a Symfony 3 API (api.example.com) an Angular 5 webapp that uses the API mentioned above (www.example.com) Both are on the same server, served with one Nginx configuration file each. Both work with HTTPS…
3 votes, 1 answer

How to prevent HAProxy from dropping HTTP headers with underscores

We have an API backend server that requires certain HTTP headers which contain underscores. I know that this is not best practice and headers should use hyphens but I cannot change this. We were using nginx as a proxy server with the option…
Thomas
3 votes, 0 answers

Apache httpd sets X-Forwarded-Host instead of Host header

I have an Apache httpd proxy (proxy.example.com) that proxies requests to an application server (app.example.com). Now I'm trying to overwrite the Host header in requests to app.example.com with a directive like this: RequestHeader set Host…
dokaspar