i have website on PHP and i wont to know how to set this HTTP headers:
Last-Modified
If-Modified-Since
Cache-Control
ETag
For Last-Modified i try this:
RewriteRule .* - [E=HTTP_IF_MODIFIED_SINCE:%{HTTP:If-Modified-Since}]
RewriteRule .* - [E=HTTP_IF_NONE_MATCH:%{HTTP:If-None-Match}]
For Cache-Control:
<FilesMatch "\.(ico|jpg|jpeg|png|gif|js|css|swf|pdf)$">
Header set Cache-Control "max-age=604800, public, must-revalidate"
</FilesMatch>
<FilesMatch "\.(html|htm|xml|txt|xsl)$">
Header set Cache-Control "max-age=86400, public, must-revalidate"
</FilesMatch>
For ETag this:
Header unset
ETag File
ETag None
But don't works and don't returned in headers. It's right method with htaccess, it's possible? In case of YES, how to make it?
Thank you so much on advise!
Related
I am creating a CSV File with PHP and save it to the Server.
The Server Cache is enabled, but this makes the CSV File being cached too.
I am looking for a way to prevent that. Without Plugins...
What I tried: adding code to htaccess (which also prevents the browser from caching the file, please don#t focus on answers related to htaccess and browser-caching, thanks!).
And I also tried to add some header() Code .. but I am not sure where.
I added this when I create the File:
header('Content-Type: text/csv');
header('Content-Disposition: attachment filename="sample.csv"');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
But it's not working when I open the file - it gets cached. But I guess this is the false spot for adding this code. But where else?
I also tried to add an action to 'init' and ask if the called file is the file I don't want to be cached, but of course, functions.php is not called when opening a file from the server.
Does someone have an Idea?
Put this code in .htaccess file , it may help you . prior puting this make sure you have done backup of your website.
<FilesMatch "\.(pdf|csv|doc)$">
<IfModule mod_expires.c>
ExpiresActive Off
</IfModule>
<IfModule mod_headers.c>
FileETag None
Header unset ETag
Header unset Pragma
Header unset Cache-Control
Header unset Last-Modified
Header set Pragma "no-cache"
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Expires "Mon, 10 Apr 1972 00:00:00 GMT"
</IfModule>
</FilesMatch>
I am confused about placing X-XSS-Protection in Apache. I use sitecheck.sucuri.net and I recommend adding X-XSS-Protection. How to do it?
I try setup in .htaccess like this=
<IfModule mod_headers.c>
Header set X-XSS-Protection
Header unset Pragma
Header append Cache-Control "public"
</IfModule>
...```
Is that true, but it doesn't work. How to do it?
Try this in your .htaccess:
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header unset Pragma
Header append Cache-Control "public"
</IfModule>
...
Header set X-XSS-Protection "1; mode=block": Enable XSS filtering. Instead of sanitizing the page, the browser will prevent page rendering if an attack is detected.
Please read this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
I'm having the following error Font from origin 'http://static.example.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com' is therefore not allowed access.
I am using the following COR setting in .htaccess file here below
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType text/cache-manifest "access plus 0 seconds"
........
<IfModule mod_headers.c>
Header append Cache-Control "public"
<FilesMatch "\.(ttf|otf|eot|woff|svg)$">
SetEnvIf Origin "^http://(.*)?example.com$" origin_is=$0
Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
</FilesMatch>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
Please I need help with this
Try this in your .htaccess file:
# Allow font assets to be used across domains and subdomains
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
You can read more about this issue in this excellent article I found: https://expressionengine.com/learn/cross-origin-resource-sharing-cors
Try adding this to your .htaccess file:
Header add Access-Control-Allow-Origin "http://example.com"
Alternative:
Header add Access-Control-Allow-Origin "*"
You can also try this
<FilesMatch ".(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
More at https://davidwalsh.name/cdn-fonts
can anyone point out what is wrong with my htaccess coding?
I am getting errors: This response is negotiated, but doesn't have an appropriate Vary header.
The resource doesn't send Vary consistently.
## add vary header
<IfModule mod_headers.c>
<FilesMatch ".(js|css|gz|xml)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
## Add Expire Headers
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
# 1 month catching
<filesMatch "\.(css|js|jpg|jpeg|png|txt|html)$">
Header set Cache-Control "max-age=2678400, must-revalidate"
Header set Last-Modified "Mon, 16 Oct 2012 00:00:00 GMT"
</filesMatch>
Try to remove this one:
{<IfModule mod_headers.c>
<FilesMatch ".(js|css|gz|xml)$">
**Header append Vary: Accept-Encoding**
</FilesMatch>
</IfModule>}
It's probably set elsewhere.
I hope this helps you.
I've just finished a drupal project and I'm going through optimization phase of the site. I've checked cache blocks and CSS and JS aggregation under performance for better load time . but something I noticed, when I run a page speed test or Yslow everything passes but Leverage browser caching. It seems like the expiry date is not set on all the images and css files. My question is do I have to edit .htaccess file or do I need to place the images and css files that are not cached into a particular folder?
Any help is appreciated, many thanks in advance
You can configure Apache to set specific expire / cache control headers for your image/css/js files using mod_expires and mod_headers.
Here are few examples (general examples -- analyse and consult the manual before applying to your system):
<FilesMatch "\.(html|htm|js|css)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</FilesMatch>
Caching with both mod_expires + mod_headers
# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
ExpiresDefault A29030400
Header append Cache-Control "public"
</FilesMatch>
# Set up caching on media files for 1 week
<FilesMatch "\.(gif|jpg|jpeg|png|swf)$">
ExpiresDefault A604800
Header append Cache-Control "public"
</FilesMatch>
# Set up 2 Hour caching on commonly updated files
<FilesMatch "\.(xml|txt|html|js|css)$">
ExpiresDefault A7200
Header append Cache-Control "proxy-revalidate"
</FilesMatch>
# Force no caching for dynamic files
<FilesMatch "\.(php|cgi|pl|htm)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
I had the same issue for a long time and I just found the trick!
After looking in .htaccess located on drupal's root repository, there is this condition :
<IfModule mod_expires.c> ... </IfModule>
The code located inside is not executed because apache's expires_module is just not enable on my server, check if expires_module is present on list returned by :
sudo apache2ctl -M
If not, just activate it by :
sudo a2enmod expires
sudo a2enmod headers
sudo service apache2 restart