Question Description: I want to set my site "Access-Control-Allow-Origin", so I set it in apache's config (almost anywhere), but it's not working. I also set other headers for testing, but it's still not working too.

Apache version: 2.2.22

Apache modules: http://www.anwcl.com/test/show_modules.php

My target url:

http://www.anwcl.com/test/test_only_div.html

And it's linked to my local file:

e:\wamp\www\test\test_only_div.html

---

And here's my apache's configurations:

E:\wamp\bin\apache\apache2.2.22\conf\httpd.conf

...
LoadModule headers_module modules/mod_headers.so
...
Include conf/extra/httpd-vhosts.conf
...

E:\wamp\bin\apache\apache2.2.22\conf\extra\httpd-vhosts.conf

NameVirtualHost *:80
<VirtualHost *:80>
    Header add Access-Control-Allow-Origin "*"
    Header echo ^TS
    Header add MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."
    ServerAdmin [email protected]
    DocumentRoot "E:/wamp/www/"
    ServerName www.anwcl.com
    ErrorLog "logs/xxx.log"
    CustomLog "logs/xxx.log" common
    <Directory "E:/wamp/www/">
        Header add Access-Control-Allow-Origin "*"
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

E:\wamp\www\.htaccess

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

E:\wamp\www\test\.htaccess

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

---

And here's Wireshark's caps, there are no expected headers :

http://www.anwcl.com/question/apache-mod-headers-not-working.jpg
http://www.anwcl.com/question/apache-mod-headers-not-working-304.jpg

I also ran into this issue and fixed it when I realized I was modifying the wrong Virtual-host in my config file found here: /etc/apache2/sites-enabled/000-default.conf.

I was modifying the default VirtualHost config when I was using one with a different port.

<VirtualHost *:6000>
        Header set Access-Control-Allow-Origin "*"
</VirtualHost>

I also ran into the error Dylan Maxey described and got around it by disabling the cache in the browser inspector: Here is also a link to a site I found helpful: https://enable-cors.org/server_apache.html

Check output of php_info() to see if mod_headers is loaded from your apache webserver.

The changes could have possibly taken place and you aren't seeing the changes within your browser. This is especially typical if you're serving static files like the images you're trying to alter the headers of.

You can even have chrome disable cache while viewing the page with the Javascript console open and still not see the changes take effect.

What you'll want to look for is the response code. If it's a 304, the server has recognized that your browser already has a valid representation of the requested file, and will serve that file. If it does, you will not see the headers you've added after your browser initially downloaded that page.

To see if this is the case, change the url to http://myexample.com/myimage.jpg?t=1, or any other random query parameter and see if that works.

For my case, adding the Header set "key" "value" did not work. I had to use RequestHeader set "key" "value" for the ProxyPass to send the header.

<VirtualHost *:443>
  ServerName myserver.com
  ServerAlias www.myserver.com

  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:8081/
  ProxyPassReverse / http://127.0.0.1:8081/
  RequestHeader set "X-Forwarded-Proto" "https"
  #
  # Setup SSL
  #
  # SSLProxyEngine on
  SSLEngine on
  SSLCertificateFile location-to-certificate.crt
  SSLCertificateKeyFile location-to-private.key
  SSLCertificateChainFile location-to-ca_bundle.crt
</VirtualHost>