How to add a Header

This is a short guide on how to add a header to a web server. I'm creating this to use as a refence for other posts.

If you don't know what a header is, this won't help you. You should read about HTTP Headers and Response Headers first.

If you do know what a header is, but need a quick reminder on how to add one to a server you're not familiar with or haven't used in a while, see below.

Apache Web Servers

For Apache, edit your httpd.conf or .htaccess file to the following:

Header set Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none';"

IIS Web Servers

  1. Open IIS Manager
  2. Select the site
  3. Go to HTTP Response Headers and under actions click "Add".
  4. Enter the name Content-Security-Policy-Report-Only and value default-src 'none'; form-action 'none'; frame-ancestors 'none';.

Nginx Web Servers

For Nginx, edit your nginx.conf file to below:

add_header Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none';"


If you use something awesome like Netlify, they have a how to. Plugins also exist for frameworks like Gatsby on Netlify. As of writing this, I'm using this setup for my blog & love it. I highly recommend this setup for any front end of a website unless it has a long build time & frequent updates. You get a CDN, a performance optimized configuration, continous deployment, & A/B testing for free.

One Last Thing...

If you have a question or see a mistake, please comment below.

If you found this post helpful, please share it with others. It's the best thanks I can ask for & it gives me momentum to keep writing!

Matt Ferderer
Software Developer focused on making great user experiences. I enjoy learning, sharing & helping others make amazing things.
Let's Connect