Questions tagged [http-headers]
HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.
643 questions
1 vote, 1 answer, 107 views
How to stop Apache from returning a wrong line before the HTML header breaking it
I use a simple site enabled to publish files in Apache:
File: /etc/apache2/sites-enabled/contents.conf
<Directory "/mnt/data/contents/">
Options FollowSymLinks
...
0 votes, 1 answer, 36 views
Best Practices for Caching a Paginated Blog Search Results Page with Varnish
How should a blog search results page be cached, considering it returns a list of 10 items with pagination (GET ?query=<search_term>&page=<number>) to navigate to the next page? What ...
1 vote, 0 answers, 46 views
How to make HTTP OPTIONS responses work for WebDAV with Apache2?
The HTTP OPTIONS request is an HTTP request type (like GET, POST) to web servers. It is optional as a helper, you can use it to programmatically find out what requests web servers understand. But you ...
0 votes, 0 answers, 33 views
Dynamic Configuration of ProxyErrorOverride in Apache Based on Response Headers
We have an Apache server configured as a reverse proxy for our backend application. Currently, the Apache server overrides error codes (4xx and 5xx) and displays a default error page when an error ...
-1 votes, 3 answers, 376 views
IIS 10: How to remove server and NET headers
The setup is as follows:
Windows Server 2022 Standard with IIS 10.
ASP .NET 4.8 based application, running with Integrated mode and Application Pool Identity.
I'm trying to remove the following headers:...
0 votes, 0 answers, 39 views
Can a 499 Error be caused by the server?
I am getting a 499 error on a particular api call (specifically only when the browser is Firefox). My research has shown the 499 error is caused by the client severing the connection with the api.
...
0 votes, 1 answer, 228 views
How does Nginx behind NAT know the original IP address of the client?
I have a virtualized router with public IP address assigned to it directly in proxmox.
When I send a request to port 443 from a different network (from a browser) the router correctly port-forwards it ...
0 votes, 2 answers, 378 views
Nginx add header in http-section with variable value set in location-section
In my nginx setup, I'm adding some http-headers globally within the http-section. One specific header however depends on a value that I only know after mapping the location block.
When I add the ...
0 votes, 0 answers, 24 views
AWS Cloudfront - headers not thrown from code
I have a static site (Nuxt/Nitro) which has some headers responses (CSP, XSS etc...).
I deployed first on Netlify, I got my custom headers thrown by the code.
I had to change hosting and deploy on AWS ...
0 votes, 0 answers, 121 views
Allow both `'Access-Control-Allow-Origin' '*'` and `Content-Security-Policy "frame-ancestors *"`
I have the following conf.d/prod.conf.
It does not raise Refused to display 'https://v10.frontend.tech/' in a frame because it set 'X-Frame-Options' to 'sameorigin'. because of add_header Content-...
0 votes, 1 answer, 760 views
Apache 2.4 Read from request header and set the same in response header
I am using Apache 2.4.6
I wanted to check if a custom header X-CUSTOM-HEADER is present in the request, if yes then set the same header and same value to the response. If the header is not present in ...
0 votes, 0 answers, 13 views
Config nginx proxy for tomcat app on Ubuntu [duplicate]
I have that config for nginx:
server {
listen 80;
server_name myDomain;
access_log /var/log/nginx/tomcat-access.log;
error_log /var/log/nginx/tomcat-error.log;
underscores_in_headers on;
if ($...
0 votes, 0 answers, 21 views
When does HTTP server send response header Connection: <number> or TE?
I am confused by a proprietary CWMP ACS sending me these values in the header. What's the main purpose of that?
-1 votes, 1 answer, 966 views
Nginx error "upstream prematurely closed FastCGI request while reading upstream" with generated file download
I just spent the whole day trying to figure out this error.
We have a PHP script that generates a file for download. After upgrading nginx (1.16 -> 1.24), this script suddenly started randomly ...
0 votes, 0 answers, 356 views
Change server header on all endpoints (Flask + Nginx + Gunicorn)
I'm working on a Flask app that uses gunicorn and nginx and should hide its server header, so I managed to do it only for the homepage, like this:
gunicorn.conf.py
import gunicorn
gunicorn.SERVER = '.'...
3 votes, 0 answers, 591 views
PHP post data lost with Transfer-Encoding: chunked; Apache regression?
I am moving a PHP application from an older CentOS 7 server with Apache 2.4.6 and PHP 7.3.33 (mod_php) to a newer Alma Linux 9 server with Apache 2.4.57 and PHP 8.0.30 (PHP-FPM). This is a back-end ...
-1 votes, 1 answer, 56 views
What are cons of websockets? [closed]
I mean, why in the first place do polling and server events exist if websocket can not only solve the problems they are solving but also allow additional functionalities (like bidirectional nature). I guess ...
0 votes, 1 answer, 331 views
How do I add a header to a single static file in IIS 10?
Server is Windows Server 2016
I need to serve a single static file with a different header than all the other files (Cache-Control: max-age=15)
A different answer gives the leaf XML node as: <...
0 votes, 0 answers, 107 views
ADFS does not send X-Frame-Options header
ADFS Server does not send the X-Frame-Options header, although it is configured on the server.
(Get-AdfsResponseHeaders).ResponseHeaders
Key Value
--- -----...
0 votes, 0 answers, 44 views
Placement of HTTP Headers in VirtualHost Containers?
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-...
0 votes, 0 answers, 1k views
Why does nginx as a reverse proxy not send Referrer-Policy header?
A bit of context : I'm using nginx as a reverse-proxy for a bunch of apps running in Docker containers.
Among those apps there is Nextcloud (fpm), and the settings page complains about HTTP Referrer-...
1 vote, 0 answers, 391 views
Is there an Apache module that can fully log HTTP requests, in a non processed way?
I'm looking for an Apache module that is able to log the RAW content of HTTP requests, unprocessed. Here is one example :
POST https://foobar/ HTTP/1.1
Host: foorbar
Connection: keep-alive
Content-...
0 votes, 1 answer, 106 views
Nginx add_header Link not parsed by Lighthouse
I'm trying to investigate why Google isn't indexing some pages (allegedly, because they redirect) and, when using Lighthouse to check an example page, I see the following:
Error parsing link header (...
2 votes, 0 answers, 490 views
Why is CloudFront failing to pass a header from the origin to the client?
I have CloudFront configured with an API Gateway origin. In the application accessed via API Gateway, my application responds to a particular request with a Content-Disposition header so that the data ...
0 votes, 0 answers, 270 views
Do ETags generated on upstream need If-None-Match check? (NGINX)
(Reposting my post deleted after a year of inactivity)
Let's assume I use etag off (and if_modified_since off with add_header Last-Modified "" to not make redundancy) in NGINX and I generate ...
0 votes, 1 answer, 113 views
iptables string matching feasibility; possible use with fail2ban
We have several Apache 2.4 web servers behind a load balancer and CDN front end - where HTTPS is terminated - we see the client IP in headers from the front end in the back end Apache logs. I'm ...
0 votes, 2 answers, 302 views
Apache/httpd 'Header set Server' is ignored/overridden
I am using this in a VirtualHost
<IfModule headers_module>
Header set ProcessingTime "%D"
Header set Server "Apache 2.4"
</IfModule>
I can see that the ...
2 votes, 1 answer, 2k views
Apache GZIP for images - any reason?
JPEG, GIF, PNG and WEBP images are already compressed. Is there any reason to serve them up using GZIP compression, regardless of whether or not the client says it may accept GZIP compression?
curl -H ...
2 votes, 1 answer, 3k views
Adding custom headers on error responses from haproxy
I have the following haproxy config that adds the access-control-allow-origin header on successful 200 requests with the below config. My problem is, when I hit timeouts or haproxy itself (not my ...
0 votes, 1 answer, 2k views
CORS access-control headers not visible in the response headers section of Chrome inspector
Using https://cors-test.codehappy.dev/ to test our test server's new CORS policy, we receive:
These are the response headers received when making the request:
access-control-allow-credentials: true
...
0 votes, 1 answer, 292 views
Caddyfile header directive unable to override file_server ETag
Invoking caddy run against the Caddyfile:
http://localhost
header ETag forcedValue
file_server
I expect curl -v http://localhost/Caddyfile to show a response with the ETag forcedValue.
Instead, a ...
0 votes, 0 answers, 1k views
Content-Security-Policy frame-ancestors not working
I'm running an OpenLiteSpeed server and would like to only allow webpages that start with a specific url on my site (e.g. https://example.com/video/**) to be iframed by others. (I want to allow anyone ...
0 votes, 1 answer, 1k views
Writing a RewriteRule based on X-Forwarded-Host
I have an Apache webserver behind a load balancer which proxies requests to Apache and have a problem regarding configuring directories.
Here is my scenario:
Upper Load Balancer proxies request to ...
1 vote, 1 answer, 3k views
Nginx - No last-modified or Etag response header on HTML
I am facing a rather odd issue with my web server. The server is configured with Ubuntu 20.04, Nginx v1.22.1, PHP 8.0, and MariaDB to host my WordPress website.
The issue is, the server is not sending ...
1 vote, 1 answer, 507 views
Cloudflare uncompressing, then re-compressing response bodies
I'm using Node.js/express and if I set the headers
Content-Type: application/json
Content-Encoding: gzip
and send gzipped compressed bodies of JSON data, this works as expected - when not behind ...
2 votes, 1 answer, 641 views
Are HTTP Headers configured by the CDN or by the application?
This is kind of a theoretical question, and I guess it may be too broad or unclear.
Foobar is an application serving users across the internet. It relies on a CDN to improve its resiliency, speed, etc ...
0 votes, 3 answers, 7k views
Nginx not working with domain/url that points to server IP
The configuration I have set (below) works for localhost but not for my domain. The goal is to access port 3000 externally with basic auth so only I can access it. When I go to localhost, it is ...
0 votes, 1 answer, 211 views
Apache include value of %{TIME_YEAR} variable in an HTTP response header
I'm trying to do something like the following:
<If "%{IPV6} == 'off'">
Header always set Attention "you are using still using IPV4 in %{TIME_YEAR}, please blahblah etc"
<...
0 votes, 0 answers, 2k views
How to set Access-Control-Allow-Origin for multiple origin domains with Tomcat?
An answer on SO to the same nice - and following guidelines - question but for Apache, how to set Access-Control-Allow-Origin entry header for multiple origin domains deals with .htaccess, checking ...
1 vote, 1 answer, 765 views
NGINX 302 redirect / proxy
I have an icecast server that runs on port 8000 however when I set up a proxy using NGINX I seem not to be able to make it look like it is the original server.
I am wondering is there any way to kinda ...
-1 votes, 1 answer, 82 views
What is the web server software announcing itself as "VDL/1.0"?
I am looking at an old web form located at: http://www.teleservices.lyon.fr/etat-civil/naissance/
Of course, it is obsolete, bogus, without TLS, etc.
But I don’t recognize the web server publishing it....
1 vote, 1 answer, 1k views
What is this formatting in the "Bearer" Authentication token of a HTTP get
I came across a "Bearer" Authentication in the header of a HTTP request (I want to understand an API) that I want to replicate.
This is the header field:
authentication : Bearer ...
1 vote, 0 answers, 5k views
Nginx - remove HTTP Header from response
Hey guys.
I have the following question:
Is it possible to remove or change the value of a header that was added a few lines earlier?
Here is the whole scenario:
Setup
my-website.com.conf
...
server {
...
2 votes, 1 answer, 7k views
Which static file types does Nginx generate ETags for by default?
In modern versions of Nginx, the ETag is automatically generated for static file types, even if you don't specifically enable the etag on in your location blocks or otherwise:
https://nginx.org/en/...
1 vote, 1 answer, 587 views
NGINX byte-range requests are enabled but Pocket Casts still reports invalid headers
My NGINX web server has byte ranges enabled via add_header Accept-Ranges bytes; and I can successfully get byte ranges of podcast episodes via curl:
$ curl -I -r 200-300 https://konradhoeffner.de/...
2 votes, 0 answers, 678 views
Are servers allowed to add a Content-Encoding header based on filename, if there is no compression on-the-fly?
Problem
Suppose we have a compressed archive on disk, e.g. file.tar.gz, which should be served as-is.
The file is served with Content-Type: application/gzip, but for some reason the server also adds a ...
0 votes, 1 answer, 221 views
Apache sends corrupted header [duplicate]
I have configured a basic virtual host just to be able to list a specific directory on the server. For the local files it’s working perfectly, but one of the folders listed at the root is a symlink to ...
1 vote, 0 answers, 436 views
Set header for all except one location
I'd like to set a header on all page requests except for one. I've tried the following:
location ~ ^\/(?!allow-iframes) {
add_header 'X-Frame-Options' 'DENY';
}
This has some unexpected behavior. ...
3 votes, 2 answers, 5k views
How can I remove an accept-encoding request header in nginx?
The recent update to zlib due to a security hole appears to cause a major problem when serving PHP-FPM 8.0 via nginx on Ubuntu focal. Any requests with a gzip encoding fail right at the start of the ...
1 vote, 1 answer, 2k views
Apache 2.4 .htaccess Set Headers for error pages
I am setting some headers using .htaccess for a web page, f. e.:
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>
...