How to add a Header

This is a short guide on how to add a header to a web server. I'm creating this to use as a refence for other posts.

If you don't know what a header is, this won't help you. You should read about HTTP Headers and Response Headers first.

If you do know what a header is, but need a quick reminder on how to add one to a server you're not familiar with or haven't used in a while, see below.

Apache Web Servers

For Apache, edit your httpd.conf or .htaccess file to the following:

Header set Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none';"

IIS Web Servers

  1. Open IIS Manager
  2. Select the site
  3. Go to HTTP Response Headers and under actions click "Add".
  4. Enter the name Content-Security-Policy-Report-Only and value default-src 'none'; form-action 'none'; frame-ancestors 'none';.

Nginx Web Servers

For Nginx, edit your nginx.conf file to below:

add_header Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none';"

Netlify

If you use something awesome like Netlify, they have a how to. Plugins also exist for frameworks like Gatsby on Netlify. As of writing this, I'm using this setup for my blog & love it. I highly recommend this setup for any front end of a website unless it has a long build time & frequent updates. You get a CDN, a performance optimized configuration, continous deployment, & A/B testing for free.

Matt Ferderer

I am a Software Developer primarily using JavaScript and C#. I write about Building Software, Web Security and Artificial Intelligence. Besides tech, I occasionally write about fitness, education & business.

comment

Comments