Setting headers with an .htaccess file

What are http headers?

HTTP headers are part of an HTTP request and response. They define the operating parameters of an HTTP transaction. View the following link for further details.

You can use an .htaccess file to adjust or add headers to your HTTP response headers.

Creating an .htaccess file on your DreamHost web server

View the following article for instructions on how to create an .htaccess file on your web server:

If the file already exists, view the following articles for instructions on how to update it (depending on if you're using an FTP client or SSH):

Troubleshooting header issues for PHP files

If you notice the headers you have added to your .htaccess file are not functioning properly with PHP files, check to see if your site is running in PHP CGI mode.

These directions explain how to view and change the PHP version of your site. When changing the version, you have the options of:

  • CGI
  • FastCGI

If your site is already using CGI, try setting it to FastCGI instead. This should resolve your header issues for PHP files.

Adding a content-type=UTF-8 header

Use either one of the following in an .htaccess file to force the specific content-type header. A charset header specifies the character encoding of the document. This adds the header without having to use a meta tag:

AddDefaultCharset UTF-8   
AddDefaultCharset ISO-8859-1

Adding a language header

Use the following in an .htaccess file to specify a language header. This adds the header without having to use a meta tag:

DefaultLanguage en-us

Cache-Control headers

One of the most common headers to add to a page is Cache-Control. This defines the amount of time a file should be cached.

For example, if the Cache-Control header is set to 5 minutes, a browser will download the file and cache it for five minutes. After 5 minutes has expired, the file will have to be retrieved again from the server.


This example allows any visitor to cache the page for 5 minutes.

Header set Cache-Control "max-age=300, public"


max-age is set in seconds.

The caching directive is next. It can be public, private, or no-store. Most often, you want to keep this as public so it applies to all visitors.

Using the 'Vary' HTTP header for mobile sites

The following are default settings on DreamHost servers and do not need to be enabled. However, you can adjust these values in your .htaccess file as needed:

<IfModule mod_headers.c>
  <FilesMatch ".(js|css|xml|png|gz|html|woff2|slim.min.js)$">
    Header append Vary: Accept-Encoding

View the following link from Google that explains in detail how to use the Vary header for a mobile site:

Security headers

There are several headers dedicated to securing your website. View the following article for examples of security headers.

Enabling CORS

View the following article for information on how to configure CORS headers.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?