Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
5
votes
2 answers

Is the Last-Modified HTTP header required for browser caching?

When I unset the Last-Modified header in Apache (ETags are also disabled), Firefox (4.01) will not cache any file regardless of whether I set a future Expires header or enable the Cache-Control header. So is the Last-Modified (and/or an ETag) header…
Jeff
  • 1,416
  • 3
  • 28
  • 50
5
votes
1 answer

How to disable ETag headers in Tomcat

Tomcat seems to send an ETag header with each response by default. I'd like to disable these for reasons outlined here. I know I can strip them out in my Apache configuration, but is there any way to disable them on the Tomcat side?
Ben Williams
  • 2,376
  • 4
  • 21
  • 17
5
votes
2 answers

IIS 7.5 Custom HTTP Response Headers Not Working

Trying to setup custom HTTP Response Headers on a new install of IIS7.5 on Windows Server 2008 R2 Standard and they are not working. Default headers work fine (X-Powered-By, etc...). Modifying default header values work (ie. change X-Powered-By to…
Craig
  • 211
  • 2
  • 8
5
votes
3 answers

What is the best way to move site to new domain without losing google page rank

I just bought new domain for my web page. Is it good to use php redirection to the new domain and what are the exact headers that I must send to google bot to just renew the address and keep the page rank without loosing position in search results…
T1000
  • 155
  • 4
4
votes
1 answer

Is this a proper Content-Type header?

I have a pretty good understanding of the Content-Type header for most cases. I understand that for the following four examples, you would normally follow the MIME-type with charset=your-charset-here. Content-Type "text/plain;…
Jeff
  • 1,416
  • 3
  • 28
  • 50
4
votes
1 answer

ExpiresByType "access plus 1 month" results in 1 year expires header

I have implemented resourec expiry with the following set up ExpiresActive On ExpiresByType image/jpg "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/gif "access plus 1…
jdog
  • 121
  • 7
  • 29
4
votes
0 answers

Apache 2.4 + PHP-FPM + Chromelogger (how to increase HTTP header length limit?)

I have a running Apache 2.4 + PHP-FPM setup. There is one edge case though, when this setup fails - when using Chromelogger. Chromelogger is a server to client debugging tool, which sends it's data through a HTTP header to a browser. The header's…
mgo
  • 141
  • 3
4
votes
3 answers

Clear browser local cache by sending http headers?

I have modified js and css files in my website. But browser still fetch the contents from local cache because browser has stored it. I want to fetch the fresh content from the server without clearing the local cache. Previously max-age header was…
linux404
  • 153
  • 1
  • 2
  • 9
4
votes
1 answer

http headers vanish when proxying http errors through nginx

I'm using nginx as TLS terminator in front of an Apache 2.4 server. I'm using add_header X-Content-Type-Options nosniff; in nginx to add this header to every response. If the HTTP status code returned by Apache is below 400 the header is correctly…
Thilo
  • 243
  • 3
  • 11
4
votes
1 answer

How do I "override" Server response header on a ReverseProxied website?

I am running a couple of websites on different server on a local network. All websites are Proxied via one server where HTTPS is added and the trafic is monitored. Currently, if someone makes a: curl -I subdomain.domain.tld The result is: curl -I…
Orphans
  • 1,396
  • 2
  • 18
  • 30
4
votes
2 answers

Apache 2.4: Header unset in does not work

We are running apache 2.4 in order to serve our typo3 generated websites. In general we want to have the X-Frame-Options SAMEORIGIN Header present for all requests. With one exception. For a specific URL this Header should be unset, since it has to…
Tobias Wolf
  • 71
  • 1
  • 4
4
votes
1 answer

HSTS exclude specific subdomain with "includeSubdomains"

I'm using HSTS with this header on my website: Strict-Transport-Security: max-age=15768000; includeSubDomains This works as intended and forces the browser to redirect all http connections to https. In the documentation at…
zuim
  • 180
  • 1
  • 7
4
votes
0 answers

Set CORS headers on nginx

Addresses like http://vpsxxx.ovh.net/g/search?q=ok or http://vpsxxx.ovh.net/so/questions/34738694/how-to-move-items-on-the-screen-for-a-game-using-javascript are proxied well, when trying them from the browser url bar But not from JS, even after…
caub
  • 149
  • 1
  • 4
4
votes
1 answer

Access-Control-Allow-Origin header missing from a response

I'm trying to debug an issue. On one of my sites, the font files are not loading correctly. Someone has reported this error in the inspector log: Font from origin 'http://d1h0r2f9g9fk4d.cloudfront.net' has been blocked from loading by Cross-Origin…
Laykes
  • 441
  • 5
  • 14
4
votes
1 answer

is there a standard for chaining x-forwarded-for headers?

IETF RFC 2616 Section 4.2 allows a request to contain multiple headers with the same field-name as long as chronological order of insertion is preserved and their values can be converted into single header with a comma-separated list of…
BaltoStar
  • 197
  • 3
  • 14
1 2 3
41 42