You need to have mod_headers installed, or you might get error 500. You can wrap the setting of headers in a condition to check if mod_headers is present or not.
<FilesMatch "\.(html|htm|js|css)$"> <ifModule mod_headers.c> Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" Header set Expires "Thu, 1 Jan 2015 05:00:00 GMT" </ifModule> </FilesMatch>
You can also unset headers. For example, if you're behind a load balacer the real visitor IP could be passed in form of a custom header you don't want to expose to the application.
Header unset Real-Visitor-IP
Besides expiration and etags, and webserver specific custom headers, you shouldn't tamper with headers at webserver level. Most of them should be managed at the application level, and you would prevent some frameworks from working normally if you pass them altered content types.