Set Apache HTTP header except for specified URL

I'm using Apache 2.2 and want to set the X-Frame-Options header to "deny" across most of the site. I can turn it on unconditionally using mod_headers. However, there is one CGI scripts that returns content that has to be framed, so I need to turn it off for that script. Is there a way to do this?

I'm using Debian's Apache 2.2.9.


Try using the SetEnvIf directive, coupled with env in your Header directive:

SetEnvIf Request_URI "/MyCGI" is_cgi
Header set X-Frame-Options some-value env=!is_cgi

(or something close to that :-))


You can use the Location directive.

<Location /url/fragment/to/my/cgi/script>
  Header unset X-Frame-Options
</Location>