Comment by throwanem - Hacker Neue

throwanem Aug 9, 2025 parent

Sure, if you wanted to deal with configuring Apache. Or getting your hosting provider to do that. If you knew to ask, and didn't mind waiting, and your hosting provider knew how...

dudus Aug 9, 2025

Not sure what you are on about. Adding an HTTP header to a request is one of the easiest things to do.

urquhartfe Aug 9, 2025

I think you are the one who doesn't know what they are on about.

First, the header must be added to the response, not the request.

Second, in many environments (managed hosting etc.) there is not an easy way (or indeed a way at all) of adding headers to responses.

KTibow Aug 9, 2025

> Second, in many environments (managed hosting etc.) there is not an easy way (or indeed a way at all) of adding headers to responses.

It's getting better. Most serverless hosts (including Cloudflare, which this site uses) follow the (req: Request) => Response pattern, which by definition allows sending headers.

bapak Aug 10, 2025

What are you talking about. Any non-static hosting will let you specify headers with a plain php function. Any baseline shared hosting offers that kind of control and has done so for the past 20+ years.

dylan604 Aug 9, 2025

is that something that could have be done in the dot file for server override? what was it, .htaccess or something?

throwanem OP Aug 9, 2025

Sure, if you wanted to deal with configuring Apache. Or getting your hosting provider to do that. If you knew to ask, and didn't mind waiting, and your hosting provider knew how...and was willing to do it, a condition I forgot to add in my last comment here, but which applies equally there. (User-provided .htaccess files were the source of a number of relatively high-profile early CVEs, as I recall. Apache grew a number of options for trusting their content, and I want to say before very long you could not rely on anything working past simple HTTP-Basic credential management.)

Oldschool shared web hosting was a shockingly deprived environment by modern standards, which is why my Linode account turned old enough a few months ago to buy a drink in a bar: $20 a month in 2004 was amply worth gaining a degree of control over web server configuration which is broadly the default assumption now.

Since I was also administering some shared web hosting in my own right at the time - partially overlapping with my web design work targeting shared hosting, since some customers preferred to BYO - I don't blame admins for being difficult to work with; we all had good reason to be, with the afterthought security typically was everywhere in those days. But you begin perhaps to see why bypassing the whole rigamarole with a hint to the client was attractive.

dylan604 Aug 9, 2025

but that was the point of the dot file to allow vhosts to change the default server settings without needing access to the root config. maybe they weren't designed specifically for vhosts, but that was my main use of them.

6 More Comments →

astrange Aug 10, 2025

Ever tried doing it in nginx? You'll find `add_header` doesn't work at all the way you think it does.

And it doesn't allow overrides in dotfiles since that's not performant or secure.

This item has no comments currently.